CVE-2025-31045
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Elfsight Contact Form widget (up to version 2.3.1) allows unauthenticated attackers to access sensitive system information that should be restricted. It is classified as a Sensitive Data Exposure issue, meaning attackers can retrieve embedded sensitive data from the system without authorization. This flaw is due to security misconfiguration and is considered high priority with a CVSS score of 7.5. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information, which may enable attackers to further exploit the system or compromise the website. Since the vulnerability allows access without authentication, it increases the risk of data breaches and potential damage to system integrity. There is currently no official fix, but a virtual patch is available to mitigate attacks until an official update is released. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block attacks until an official fix is released. Users should also consider professional incident response if their sites have been compromised. Since no official update is available yet, applying the virtual patch is the recommended action to protect against exploitation. [1]