cbcvebase.
CVE-2025-25264
published 2025-06-16

Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
An unauthenticated remote attacker can trick an admin into visiting a website containing malicious JavaScript code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.

Affected

21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | cc100_0751-9x01 | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | cc100_0751-9x01 | >= 0.0.0 < 04.07.01 (70 | 04.07.01 (70 |
| wago | edge_controller_0752-8303_8000-0002 | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | edge_controller_0752-8303_8000-0002 | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | pfc100_g1_0750-810x_xxxx-xxxx | >= 0.0.0 < 3.10.11 (FW22 Patch 2) | 3.10.11 (FW22 Patch 2) |
| wago | pfc100_g2_0750-811x-xxxx-xxxx | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | pfc200_g1_750-820x-xxx-xxx | >= 0.0.0 < 3.10.11 (FW22 Patch 2) | 3.10.11 (FW22 Patch 2) |
| wago | pfc200_g2_750-821x-xxx-xxx | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | pfc200_g2_750-821x-xxx-xxx | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | tp600_0762-420x_8000-000x | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | tp600_0762-420x_8000-000x | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | tp600_0762-430x_8000-000x | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | tp600_0762-430x_8000-000x | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | tp600_0762-520x_8000-000x | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | tp600_0762-520x_8000-000x | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | tp600_0762-530x_8000-000x | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | tp600_0762-530x_8000-000x | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | tp600_0762-620x_8000-000x | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | tp600_0762-620x_8000-000x | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |
| wago | tp600_0762-630x_8000-000x | >= 0.0.0 < 04.07.01 (FW29) | 04.07.01 (FW29) |
| wago | tp600_0762-630x_8000-000x | >= 0.0.0 < 04.07.01 (70) | 04.07.01 (70) |