PT-2025-50876 · Unknown · Groupsession Bycloud+2
Published: 2025-12-12 · Updated: 2026-02-17
CVE-2025-61987
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
GroupSession versions prior to 5.3.0
GroupSession byCloud versions prior to 5.3.3
GroupSession ZION versions prior to 5.3.2
Description
The software does not properly validate the origin of WebSocket connections. If a user visits a specially crafted webpage, chat information intended for that user may be disclosed.
Recommendations
Update GroupSession to version 5.3.0 or later.
Update GroupSession byCloud to version 5.3.3 or later.
Update GroupSession ZION to version 5.3.2 or later.
Affected Products
GroupSession
GroupSession ZION
GroupSession byCloud