How severe is CVE-2025-4515?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-4515?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2025-4515 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-8523

MEDIUM

CVSS:4.3(Medium)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to co...

CWE-3462017

CVE-2018-8112

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft ...

CWE-3462018

CVE-2018-8235

MEDIUM

CVSS:4.3(Medium)

CWE-3462018

CVE-2019-1413

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass ...

CWE-3462019

CVE-2020-12397

MEDIUM

CVSS:4.3(Medium)

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

CWE-3462020

CVE-2020-28481

MEDIUM

CVSS:4.3(Medium)

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CWE-3462020