PT-2025-24081 · Zlf+1 · Zlf+1
Published
2025-06-06
·
Updated
2025-06-06
·
CVE-2025-41363
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions
IDF versions 0.10.0-0C03-03
ZLF versions 0.10.0-0C03-04
Description
A configuration error has been detected in cross-origin resource sharing (CORS) in the affected software. This issue can be exploited by authenticating to the device and executing certain commands that can be executed with view permission.
Recommendations
For IDF version 0.10.0-0C03-03, update to a version that fixes the CORS configuration error.
For ZLF version 0.10.0-0C03-04, update to a version that fixes the CORS configuration error.
As a temporary workaround, consider restricting access to commands that can be executed with view permission until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Idf
Zlf