How severe is CVE-2025-31120?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-31120?

This is classified as CWE-565, which is a common weakness in software security.

CVE-2025-31120 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0.

Related Vulnerabilities

CVE-2019-4305

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

CWE-5652019

CVE-2022-35284

MEDIUM

CVSS:5.3(Medium)

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.

CWE-5652022

CVE-2024-1551

MEDIUM

CVSS:6.1(Medium)

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, the...

CWE-5652024

CVE-2020-15128

MEDIUM

CVSS:6.3(Medium)

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other the...

CWE-5652020

CVE-2020-4749

MEDIUM

CVSS:4.3(Medium)

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a use...

CWE-5652020

CVE-2021-20450

MEDIUM

CVSS:4.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link ...

CWE-5652021