How severe is CVE-2025-30354?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-30354?

This is classified as CWE-942, which is a common weakness in software security.

CVE-2025-30354 - HIGH Severity | CVSS N/A

Vulnerability Description

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1.

Related Vulnerabilities

CVE-2021-27786

CRITICAL

CVSS:9.8(Critical)

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial r...

CWE-9422021

CVE-2022-26969

CRITICAL

CVSS:9.8(Critical)

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

CWE-9422022

CVE-2022-31736

CRITICAL

CVSS:9.8(Critical)

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CWE-9422022

CVE-2023-50940

CRITICAL

CVSS:9.8(Critical)

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being...

CWE-9422023

CVE-2024-37131

CRITICAL

CVSS:9.8(Critical)

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leadi...

CWE-9422024

CVE-2023-25603

CRITICAL

CVSS:9.1(Critical)

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privil...

CWE-9422023