Threats Tagged 'cve-2025-64166'
View all threats tagged with 'cve-2025-64166'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2025-64166'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2025-64166: CWE-352: Cross-Site Request Forgery (CSRF) in mercurius-js mercuriusCVE-2025-64166 0 Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or text/plain could be misinterpreted as application/json. This misinterpretation bypasses the preflight checks performed by the fetch() API, potentially allowing unauthorized actions to be performed on behalf of an authenticated user. This issue has been patched in version 16.4.0. Join the discussion | CVE Database V5 | 03/05/2026, 15:31:45 UTC Added: 03/05/2026, 17:41:51 UTC |
Showing 1 to 1 of 1 result