CVE-2025-27317

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 24, 2025

CWE ID 352

Summary

CVE-2025-27317 is a Cross-Site Request Forgery (CSRF) vulnerability affecting IT-RAYS RAYS Grid. This issue enables an attacker to manipulate a user's browser into making unintended requests to the IT-RAYS RAYS Grid server on behalf of the user. The vulnerability exists in versions of RAYS Grid from n/a through 1.3.1, putting these users at risk of data theft or unauthorized system actions. Successful exploitation could lead to significant security consequences, including account takeover and data loss. Users of IT-RAYS RAYS Grid are strongly urged to update to a patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3lxtYB
https://www.cve.org/CVERecord?id=CVE-2025-27317
https://nvd.nist.gov/vuln/detail/CVE-2025-27317

Back to Vulnerability Database

CVE-2025-27317

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations