CVE-2025-9031
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-09-24
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| divvydrive | divvydrive_web | 4.8.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
| CWE-208 | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Observable Timing Discrepancy issue in DivvyDrive Web versions from 4.8.2.2 before 4.8.2.15. It allows Cross-Domain Search Timing, meaning an attacker could potentially observe timing differences in search operations across domains, which might be used to infer sensitive information.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to gain limited information by measuring timing differences in cross-domain search operations. This may lead to information disclosure, but it does not affect integrity or availability. The CVSS score indicates a low to medium impact with limited confidentiality impact.