PT-2025-24084 · Zlf+1
Published: 2025-06-06 · Updated: 2025-06-06 · CVE-2025-41366
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions
IDF versions 0.10.0-0C03-03
ZLF versions 0.10.0-0C03-04
Description
A configuration error has been detected in cross-origin resource sharing (CORS) in the affected software. To exploit this issue, an attacker must authenticate to the device and execute specific commands that require permissions higher than the view permission.
Recommendations
For IDF version 0.10.0-0C03-03, update to a version that fixes the CORS configuration error.
For ZLF version 0.10.0-0C03-04, update to a version that fixes the CORS configuration error.
As a temporary workaround, consider restricting access to commands that can be executed with higher permissions than the view permission until a patch is available.
Affected Products
Idf
Zlf