CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
CVE-2019-10243 (GCVE-0-2019-10243)
Vulnerability from cvelistv5 – Published: 2019-04-09 15:42 – Updated: 2024-08-04 22:17- CWE-497 - Exposure of System Data to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107844 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Kura |
Affected:
unspecified , ≤ 4.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"
},
{
"name": "107844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Kura",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of System Data to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T15:06:15.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"
},
{
"name": "107844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2019-10243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Kura",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497: Exposure of System Data to an Unauthorized Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=545834"
},
{
"name": "107844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2019-10243",
"datePublished": "2019-04-09T15:42:42.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:19.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25358 (GCVE-0-2018-25358)
Vulnerability from cvelistv5 – Published: 2026-05-23 18:30 – Updated: 2026-07-15 01:23- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45002 | exploit |
| http://ca.dlink.com/ | product |
| https://www.packetlabs.net | product |
| http://support.dlink.ca/ProductInfo.aspx?m=DIR-601 | product |
| https://www.vulncheck.com/advisories/d-link-dir60… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25358",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T14:14:12.259990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:14:26.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DIR-601",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-601:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Richard Rogerson"
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:23:37.347Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45002",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45002"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://ca.dlink.com/"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.packetlabs.net"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://support.dlink.ca/ProductInfo.aspx?m=DIR-601"
},
{
"name": "VulnCheck Advisory: D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/d-link-dir601-2-02na-credential-disclosure-via-my-cgi-cgi"
}
],
"title": "D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25358",
"datePublished": "2026-05-23T18:30:57.111Z",
"dateReserved": "2026-05-23T16:48:08.746Z",
"dateUpdated": "2026-07-15T01:23:37.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-22VC-CP5H-M3M9
Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.
{
"affected": [],
"aliases": [
"CVE-2025-68494"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:19Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through \u003c= 4.11.53.",
"id": "GHSA-22vc-cp5h-m3m9",
"modified": "2026-01-20T15:32:33Z",
"published": "2025-12-24T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68494"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/premium-addons-for-elementor/vulnerability/wordpress-premium-addons-for-elementor-plugin-4-11-53-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premium-addons-for-elementor/vulnerability/wordpress-premium-addons-for-elementor-plugin-4-11-53-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-248R-C6GJ-JWPQ
Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-11-06 18:32Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems.
{
"affected": [],
"aliases": [
"CVE-2024-13999"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-30T22:15:45Z",
"severity": "HIGH"
},
"details": "Nagios XI versions prior to 2024R1.1.3, under certain circumstances,\u00a0disclose the server\u0027s Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server\u2019s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems.",
"id": "GHSA-248r-c6gj-jwpq",
"modified": "2025-11-06T18:32:47Z",
"published": "2025-10-31T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13999"
},
{
"type": "WEB",
"url": "https://www.nagios.com/changelog/nagios-xi"
},
{
"type": "WEB",
"url": "https://www.nagios.com/products/security/#nagios-xi"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/nagios-xi-ad-ldap-token-authenticated-information-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-24PV-CXM8-65FP
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 18:31Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.
{
"affected": [],
"aliases": [
"CVE-2026-25344"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:45Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through \u003c= 2.2.6.",
"id": "GHSA-24pv-cxm8-65fp",
"modified": "2026-03-26T18:31:33Z",
"published": "2026-03-25T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25344"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/review-schema/vulnerability/wordpress-review-schema-plugin-2-2-6-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-24Q7-R72H-HCM2
Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
{
"affected": [],
"aliases": [
"CVE-2025-68606"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:28Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through \u003c= 5.0.3.",
"id": "GHSA-24q7-r72h-hcm2",
"modified": "2026-01-20T15:32:41Z",
"published": "2025-12-24T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68606"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/ultimate-post/vulnerability/wordpress-postx-plugin-5-0-3-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/ultimate-post/vulnerability/wordpress-postx-plugin-5-0-3-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-253G-QMMX-2X98
Vulnerability from github – Published: 2025-10-27 03:30 – Updated: 2026-01-20 15:31Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.
{
"affected": [],
"aliases": [
"CVE-2025-62902"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T02:15:49Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through \u003c= 1.3.6.",
"id": "GHSA-253g-qmmx-2x98",
"modified": "2026-01-20T15:31:35Z",
"published": "2025-10-27T03:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62902"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-popup-builder/vulnerability/wordpress-wp-popup-builder-plugin-1-3-6-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-popup-builder/vulnerability/wordpress-wp-popup-builder-plugin-1-3-6-sensitive-data-exposure-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-popup-builder/vulnerability/wordpress-wp-popup-builder-plugin-1-3-6-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-273C-54FQ-2595
Vulnerability from github – Published: 2025-05-15 06:31 – Updated: 2025-05-15 06:31In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.
{
"affected": [],
"aliases": [
"CVE-2025-48024"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-15T05:15:51Z",
"severity": "MODERATE"
},
"details": "In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.",
"id": "GHSA-273c-54fq-2595",
"modified": "2025-05-15T06:31:13Z",
"published": "2025-05-15T06:31:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-jjmg-cjr4-439m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48024"
},
{
"type": "WEB",
"url": "https://github.com/bluewave-labs/Checkmate/pull/2227"
},
{
"type": "WEB",
"url": "https://github.com/bluewave-labs/Checkmate/commit/36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287"
},
{
"type": "WEB",
"url": "https://github.com/bluewave-labs/Checkmate/commit/7a855ef47adf2265121c236097059c7c6555fd7c"
},
{
"type": "WEB",
"url": "https://github.com/bluewave-labs/Checkmate/commit/91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-28P8-98P7-Q6XQ
Vulnerability from github – Published: 2025-12-26 15:30 – Updated: 2025-12-26 15:30IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
{
"affected": [],
"aliases": [
"CVE-2025-36229"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-26T15:15:46Z",
"severity": "LOW"
},
"details": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.",
"id": "GHSA-28p8-98p7-q6xq",
"modified": "2025-12-26T15:30:17Z",
"published": "2025-12-26T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36229"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-29CC-HW6R-MR24
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2025-12-18 21:31An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading.
{
"affected": [],
"aliases": [
"CVE-2019-25228"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T20:15:48Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading.",
"id": "GHSA-29cc-hw6r-mr24",
"modified": "2025-12-18T21:31:42Z",
"published": "2025-12-18T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25228"
},
{
"type": "WEB",
"url": "https://devnet.kentico.com/download/hotfixes"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/kentico-xperience-virtual-context-information-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.