PT-2025-24560 · Caido · Caido

Ry0Tak · Published 2025-06-09 · Updated 2025-06-10 · CVE-2025-49004

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Caido versions prior to 0.48.0

Description: Caido is a web security auditing toolkit. Versions prior to 0.48.0 lack protection against DNS rebinding, which allows the locally running instance to be loaded under an attacker-controlled domain. A malicious website loaded in the browser can then hijack Caido's authentication flow and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding, although this requires the victim to authorize the request on dashboard.caido.io.

Recommendations: Upgrade to version 0.48.0 to receive a patch.
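
The standard mitigation for this class of bug is a Host-header allowlist on the locally bound service. The following is an added illustration, not Caido's own code (which this page does not show), and it assumes a hypothetical listen port of 8080 and a hypothetical extra hostname: under DNS rebinding the attacker's hostname resolves to 127.0.0.1, but the browser still sends that hostname in the Host header, so an allowlist of loopback names rejects it.

```python
import ipaddress


def parse_host_header(value):
    """Split an HTTP/1.1 Host header into (hostname, port-or-None).

    Handles bracketed IPv6 literals, lowercases the name and strips a
    trailing dot; returns None for anything malformed so callers fail closed.
    """
    value = value.strip()
    if value.startswith("["):                 # IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, rest = value.partition(":")
        rest = sep + rest
    if not host:
        return None
    port = None
    if rest:
        if not (rest.startswith(":") and rest[1:].isdigit()):
            return None
        port = int(rest[1:])
        if not 0 < port < 65536:
            return None
    return host.lower().rstrip("."), port


def host_allowed(host_header, listen_port, extra_names=()):
    """Accept the request only if Host names a loopback address (or an
    explicitly configured name) on the port this service listens on.

    A DNS-rebinding page resolves its own hostname to 127.0.0.1, but the
    browser still sends that hostname in Host, so it is rejected here.
    """
    parsed = parse_host_header(host_header)
    if parsed is None:
        return False
    host, port = parsed
    if port is None:          # browsers omit the port only for the default (80)
        port = 80
    if port != listen_port:
        return False
    try:
        if ipaddress.ip_address(host).is_loopback:
            return True
    except ValueError:        # not an IP literal; fall through to the name check
        pass
    return host == "localhost" or host in {n.lower() for n in extra_names}
```

Wire `host_allowed` in before any routing or authentication handler runs, and apply the same allowlist to the Origin header on cross-site and WebSocket requests.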

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers: CVE-2025-49004, GHSA-JMXF-XW2R-VJRG

Affected Products: Caido