CORS Misconfiguration Vulnerability in Hiberus Sintra
CVE-2025-41010

5.1 MEDIUM

Key Information:

Vendor

Hiberus

Status
Vendor
CVE Published:
2 October 2025

What is CVE-2025-41010?

The vulnerability is rooted in an improper configuration of Cross-Origin Resource Sharing (CORS) in Hiberus Sintra. CORS is a crucial protocol that governs how web applications interact with resources from different origins. When implemented incorrectly, it allows attackers to manipulate web requests and potentially gain unauthorized access to sensitive information or perform privileged actions. This misconfiguration arises particularly when the Access-Control-Allow-Credentials flag is enabled, which inadvertently permits harmful cross-origin requests that can compromise data integrity and confidentiality.

Affected Version(s)

Sintra All versions

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Manuel Gomez Argandoña