Reconnecting to live updates…

CVE-2025-14117: Cross-Site Request Forgery in fit2cloud Halo

Medium

VulnerabilityCVE-2025-14117cve cve-2025-14117

Published: Sat Dec 06 2025 (12/06/2025, 05:32:06 UTC)

Source: CVE Database V5

Vendor/Project: fit2cloud

Product: Halo

Description

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-05T15:26:46.924Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6933c088c86a12d0de69d1d5

Added to database: 12/6/2025, 5:35:04 AM

Last updated: 12/6/2025, 5:35:06 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-13292: CWE-269 Improper Privilege Management in Google Cloud Apigee-X

High

VulnerabilitySat Dec 06 2025

CVE-2025-13922: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI

Medium

VulnerabilitySat Dec 06 2025

CVE-2025-12505: CWE-285 Improper Authorization in wedevs weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot

Medium

VulnerabilitySat Dec 06 2025

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

Medium

VulnerabilitySat Dec 06 2025

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Medium

VulnerabilitySat Dec 06 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Reference 3 Reference 4 Reference 5 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-14117: Cross-Site Request Forgery in fit2cloud Halo

CVE-2025-14117: Cross-Site Request Forgery in fit2cloud Halo

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-13292: CWE-269 Improper Privilege Management in Google Cloud Apigee-X

CVE-2025-13922: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI

CVE-2025-12505: CWE-285 Improper Authorization in wedevs weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility