How severe is CVE-2023-25734?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2023-25734?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2023-25734 - HIGH Severity | CVSS 8.1

Vulnerability Description

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Related Vulnerabilities

CVE-2016-5385

HIGH

CVSS:8.1(High)

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY envir...

CWE-6012016

CVE-2018-1251

HIGH

CVSS:8.1(High)

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unit...

CWE-6012018

CVE-2018-13813

HIGH

CVSS:8.1(High)

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mob...

CWE-6012018

CVE-2022-20764

HIGH

CVSS:8.1(High)

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) conditi...

CWE-6012022

CVE-2024-22243

HIGH

CVSS:8.1(High)

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open ...

CWE-6012024

CVE-2024-22259

HIGH

CVSS:8.1(High)

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be v...

CWE-6012024