CVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

June 1, 2025

CVE ID : CVE-2025-5410

Published : June 1, 2025, 11:15 p.m. | 4 hours, 5 minutes ago

Description : A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5411 – Mist Community Edition Cross-Site Scripting Vulnerability

Next Article CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

Highlights

CVE-2025-32738 – IO DATA HDL-T Series Authentication Bypass

May 15, 2025

CVE ID : CVE-2025-32738

Published : May 15, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Missing authentication for critical function issue exists in I-O DATA network attached hard disk ‘HDL-T Series’ firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

High Tide (TIDAL Client for Linux) Gains New Features

Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia

When IT meets OT: Cybersecurity for the physical world

Microsoft Edge Achieves Sub-300ms FCP: Browser UI Now Loads Instantly

CVE-2025-32738 – IO DATA HDL-T Series Authentication Bypass

CVE-2025-5877 – Fengoffice XML External Entity Reference Vulnerability

Understanding and Implementing OAuth2 and OpenID Connect in .NET

CVE-2025-6094 – FoxCMS SQL Injection Vulnerability

CVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

Related Posts