CVE-2025-55301
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the-scratch-channel | tsc-web-client | 1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in The Scratch Channel version 1 allows an attacker to use developer tools to edit the account's username locally via the browser's local storage. This means the username can be manipulated on the client side, potentially causing issues with account integrity. This vulnerability was fixed in version 1.1.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized modification of the username on the client side, which could lead to confusion, impersonation, or other issues related to account identity. It may also affect the reliability of user data and could potentially be exploited in combination with other vulnerabilities.
What immediate steps should I take to mitigate this vulnerability?
Update the Scratch Channel application to version 1.1 or later, as this version contains the patch that fixes the vulnerability allowing local storage username editing.