API Testing IDE Vulnerability in Bruno Open Source Product
CVE-2025-30354

8.7 HIGH

Key Information:

Vendor: Usebruno

Status
Vendor
CVE Published: 1 April 2025

What is CVE-2025-30354?

A bug in the Bruno open-source IDE allows assert expressions to execute in Developer Mode even when Safe Mode is enabled. Because of this flaw, critical sandbox settings are ignored when users run requests from collections that may originate from untrusted or malicious sources. Although exploitation requires intentional action by the user, such as downloading and executing a harmful Bruno collection, the risk underscores the importance of exercising caution when importing collections from unknown origins. The issue is fixed in Bruno version 1.39.1.

Affected Version(s)

bruno < 1.39.1

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved