CVE-2025-4515 – Zylon PrivateGPT Cross-Domain Policy Vulnerability

May 10, 2025

CVE ID : CVE-2025-4515

Published : May 10, 2025, 9:15 p.m. | 3 hours, 9 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47814 – GNU PSPP Zip-Reader Heap-Based Buffer Overflow

Next Article CVE-2025-4513 – Moodle Catalyst User Key Authentication Plugin Open Redirect Vulnerability

Highlights

CVE-2025-6487 – TOTOLINK A3002R Stack-Based Buffer Overflow

June 22, 2025

CVE ID : CVE-2025-6487

Published : June 22, 2025, 6:15 p.m. | 6 hours, 44 minutes ago

Description : A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-4515 – Zylon PrivateGPT Cross-Domain Policy Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

PHP 8.5.0 RC 1 available for testing

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

JavaScript Weekly Insights #20: Latest Frameworks, Tools & Trends

CVE-2025-6487 – TOTOLINK A3002R Stack-Based Buffer Overflow

CVE-2025-3752 – Able Player WordPress Stored Cross-Site Scripting Vulnerability

6 rumored Android 16 features that are making this loyal Pixel user ecstatic

Train and deploy models on Amazon SageMaker HyperPod using the new HyperPod CLI and SDK

CVE-2025-4515 – Zylon PrivateGPT Cross-Domain Policy Vulnerability

Related Posts