CVE-2025-4515 – Zylon PrivateGPT Cross-Domain Policy Vulnerability

May 10, 2025

CVE ID : CVE-2025-4515

Published : May 10, 2025, 9:15 p.m. | 3 hours, 9 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47814 – GNU PSPP Zip-Reader Heap-Based Buffer Overflow

Next Article CVE-2025-4513 – Moodle Catalyst User Key Authentication Plugin Open Redirect Vulnerability

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

Sam Altman says ChatGPT has evolved beyond a mere “Google replacement” — with ads potentially coming to users

What Are the PHP Trends in 2025

What Are the PHP Trends in 2025

Real-Time Observability for Node.js – Without Code Changes

Elevating API Automation: Exploring Karate as an Alternative to Rest-Assured

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

CVE-2025-4515 – Zylon PrivateGPT Cross-Domain Policy Vulnerability

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

Pinta 3.0 Released With New Effects and GTK4 Port

The Front-End Performance Optimization Handbook – Tips and Strategies for Devs

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise

CVE-2025-47303 – Apache Struts Command Injection

Nephele is a pluggable WebDAV server

How climate tech startups are building foundation models with Amazon SageMaker HyperPod

CVE-2025-47937 – TYPO3 Table Query Privilege Escalation Vulnerability

CVE-2025-4515 – Zylon PrivateGPT Cross-Domain Policy Vulnerability

Related Posts