CSRF Vulnerability in Ercom Cryptobox Administration Console
CVE-2025-14266
0.6 LOW
What is CVE-2025-14266?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the administration console of Ercom Cryptobox. This flaw allows an attacker to initiate actions on behalf of an authenticated Cryptobox administrator. For exploitation, the administrator must visit a malicious site or click on an unintended link while their session is active. This could lead to unauthorized actions being performed without the administrator's consent or knowledge.
Affected Version(s)
Cryptobox 4.0.0 < 4.37.229
Cryptobox 4.38.0 < 4.39.200
