How severe is CVE-2025-43916?

This vulnerability has a severity rating of LOW with a CVSS score of 3.4 out of 10.

What type of vulnerability is CVE-2025-43916?

This is classified as CWE-647, which is a common weakness in software security.

CVE-2025-43916

LOW Year: 2025

CVSS v3 Score

3.4

Low

Weakness Type

CWE-647

View all →

Vulnerability Description

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."

CVE-2025-47241

MEDIUM

CVSS:4.0(Medium)

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

CWE-6472025

CVE-2022-43939

CRITICAL

CVSS:9.8(Critical)

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

CWE-6472022

CVE-2025-47241

MEDIUM

CVSS:4.0(Medium)

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

CWE-6472025

CVE-2025-43916

Vulnerability Description

Related Vulnerabilities

CVE-2025-47241

CVE-2022-43939

CVE-2025-47241