fit2cloud Halo cross-site request forgery_CVE-2025-14117

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14117

Source VulDB

Published Dec 6, 2025 at 05:32

Affected Product

Vendor fit2cloud

Product Halo

Version 2.21.10

Affected Versions fit2cloud Halo 2.21.10

CWE Classification

CWE-352 CWE-862

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-06T05:32:06.404Z",
    "modified": "2025-12-06T05:32:06.404Z",
    "type": "cve",
    "title": "fit2cloud Halo cross-site request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334494\nhttps://vuldb.com/?ctiid.334494\nhttps://vuldb.com/?submit.697391\nhttps://blksword.flowus.cn/\nhttps://github.com/BlkSword/POC",
    "id": "CVE-2025-14117",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352",
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "fit2cloud Halo 2.21.10",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Halo",
    "version": "2.21.10",
    "vendor": "fit2cloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}