CVE-2025-24504

An improper input validation the CSRF filter results in unsanitized user input written to the application logs.

CVSS

No CVSS.

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362

Configurations

No configuration.

History

05 Feb 2025, 05:15

Type	Values Removed	Values Added
Summary		(es) Una validación de entrada incorrecta del filtro CSRF da como resultado que la entrada del usuario no desinfectada se escriba en los registros de la aplicación.
References	~~{'url': 'https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678', 'source': 'secure@symantec.com'}~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362 -

30 Jan 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-30 19:15

Updated : 2025-02-05 05:15

NVD link : CVE-2025-24504

Mitre link : CVE-2025-24504

CVE.ORG link : CVE-2025-24504

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-24504", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@symantec.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-01-30T19:15:16.967", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362", "source": "secure@symantec.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@symantec.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An improper input validation the CSRF filter results in unsanitized user input written to the application logs."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta del filtro CSRF da como resultado que la entrada del usuario no desinfectada se escriba en los registros de la aplicaci\u00f3n."}], "lastModified": "2025-02-05T05:15:11.550", "sourceIdentifier": "secure@symantec.com"}