CVE-2025-62236

Summary

The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.

Affected Software

VendorProductVersion RangeStatus
Frontier Airlinesflyfrontier.com*affected

Weaknesses

  • CWE-204: CWE-204 Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References