CVE-2023-25499
Last modified
CVE-2023-25499 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure. . EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Vaadin | Vaadin | >= 10.0.0, < 10.0.23 | — |
| Vaadin | Vaadin | >= 11.0.0, < 14.10.1 | — |
| Vaadin | Vaadin | >= 15.0.0, <= 22.0.28 | — |
| Vaadin | Vaadin | >= 23.0.0, < 23.3.13 | — |
| Vaadin | Vaadin | >= 24.0.0, < 24.0.6 | — |
| Vaadin | Vaadin | 24.1.0 | Alpha1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-25499?
How severe is CVE-2023-25499?
How do I fix CVE-2023-25499?
Are you affected by CVE-2023-25499?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST