Clickjacking Vulnerability in Thales Group Web Applications
CVE-2025-64387

5.1MEDIUM

Key Information:

Vendor: Circutor
Status: Tcprs1plus
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-64387?

The web application is susceptible to clickjacking attacks, where an attacker can embed the vulnerable page within a frame controlled by them. This deception tricks users into interacting with seemingly legitimate controls, potentially leading to unauthorized actions such as credential submission. Organizations using Thales web applications should take proactive measures to implement defenses against such attacks.

Affected Version(s)

TCPRS1plus 1.0.14

References

https://circutor.com/productos/iot-industrial-y-automatiz...

product

https://cds.thalesgroup.com/es/s21sec

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

Víctor Bello Cuevas

Aarón Flecha Menéndez

JSON

Circutor

What is CVE-2025-64387?

Affected Version(s)

References

CVSS V4

Timeline

Credit