CVE-2025-8528
BaseFortify
Publication date: 2025-08-04
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| exrick | xboot | to 3.3.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-315 | The product stores sensitive information in cleartext in a cookie. |
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information through cleartext storage in cookies, which could be accessed by attackers remotely. This may result in unauthorized disclosure of sensitive data, potentially compromising user privacy or security.
Can you explain this vulnerability to me?
This vulnerability in Exrick xboot up to version 3.3.4 involves an unknown function in the file /xboot/permission/getMenuList that causes sensitive information to be stored in cleartext within a cookie. The vulnerability can be exploited remotely, but the attack complexity is high and exploitability is difficult. The exploit has been publicly disclosed.