Information Disclosure Vulnerability in Vaadin Products by Vaadin
CVE-2023-25500

3.5LOW

Key Information:

Vendor: Vaadin
Status: Vaadin; Flow-server
Vendor: CVE Published:; 22 June 2023

What is CVE-2023-25500?

This vulnerability in the Vaadin Framework can lead to unintentional exposure of sensitive class and method names via manipulated RPC requests. When specific requests are altered, it enables the potential leakage of internal application details that can be exploited by malicious actors. Applications using affected versions should implement security measures to mitigate unauthorized information exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

flow-server 1.0.0 <= 1.0.20

flow-server 1.1.0 <= 2.9.2

flow-server 3.0.0 <= 9.1.1

References

https://github.com/vaadin/flow/pull/16935

https://vaadin.com/security/cve-2023-25500

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Feb 6, 2023

JSON

Vaadin