CVE-2025-31138

Summary

CVE-2025-31138 is a vulnerability affecting tarteaucitron.js, a cookie banner, prior to version 1.20.1. The issue lies in the lack of proper validation of user-controlled inputs related to element dimensions, allowing an attacker with access to the site's source code or a CMS plugin to set malicious values, such as 100% width and height, and position:fixed. These actions could result in the overlaying of malicious UI elements on top of legitimate content, enabling clickjacking attacks, user interaction with hidden elements, or website functionality disruption. This vulnerability has been addressed in version 1.20.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.