CVE-2025-10240
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-09
Assigner: Progress Software Corporation
Description
Description
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| progress | flowmon | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Progress Flowmon web application prior to version 12.5.5 allows an attacker to craft a malicious link that, when clicked by an authenticated user, can cause unintended actions to be executed within that user's session.
How can this vulnerability impact me? :
The vulnerability can lead to serious impacts including unauthorized actions being performed on behalf of the user, potentially resulting in full compromise of confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70