Cookie Management Flaw in xdg-open of xdg-utils by FreeDesktop
CVE-2025-52968

2.7 LOW

Key Information:

CVE Published: 23 June 2025

What is CVE-2025-52968?

A potential vulnerability exists in the xdg-open component of xdg-utils through version 1.2.1: xdg-open can send requests that include SameSite=Strict cookies. The issue is disputed, because integrations of xdg-open typically do not indicate whether the command and its arguments were entered by the user or originate from an untrusted source. This ambiguity raises concerns about cookie handling and could lead to CSRF attacks if not properly mitigated.

Affected Version(s)

xdg-utils 0 <= 1.2.1

CVSS V3.1

Score: 2.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
