CVE-2025-29621

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Apr 22, 2025

Updated: Apr 23, 2025

CWE ID 290

Summary

CVE-2025-29621 is a content spoofing vulnerability affecting Francois Jacquet RosarioSIS v12.0.0. This issue resides within the Theme configuration under the My Preferences module, enabling attackers to manipulate application settings without proper authorization. The exploitation of this vulnerability could lead to significant consequences, including unintended changes to system settings or the unauthorized exposure of sensitive data. It is crucial for users to update to a patched version of RosarioSIS as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/4OMEQ1
https://www.cve.org/CVERecord?id=CVE-2025-29621
https://nvd.nist.gov/vuln/detail/CVE-2025-29621

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-29621

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations