CVE-2025-48740

Summary

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication.

Affected Software

VendorProductVersion RangeStatus
StrangeBeeTheHive5.2.0 < 5.2.16affected
StrangeBeeTheHive5.3.0 < 5.3.11affected
StrangeBeeTheHive5.4.0 < 5.4.10affected
StrangeBeeTheHive5.5.0 < 5.5.1affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References