How severe is CVE-2014-125071?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2014-125071?

This is classified as CWE-1385, which is a common weakness in software security.

CVE-2014-125071 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.

Related Vulnerabilities

CVE-2024-23168

CRITICAL

CVSS:9.8(Critical)

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.

CWE-13852024

CVE-2023-0957

CRITICAL

CVSS:9.6(Critical)

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Git...

CWE-13852023

CVE-2025-24964

CRITICAL

CVSS:9.6(Critical)

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site We...

CWE-13852025

CVE-2024-48849

HIGH

CVSS:9.4(Critical)

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.

CWE-13852024

CVE-2023-26114

CRITICAL

CVSS:9.3(Critical)

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to ac...

CWE-13852023

CVE-2023-2848

HIGH

CVSS:8.8(High)

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.

CWE-13852023