CVE-2025-60949

CVSS v3.1

9.1

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-60949

Affected Products

Csweb

CVE-2025-60949

Weakness Enumeration

Related Identifiers

Affected Products

References · 5