CNNVD-202510-3468 Information

CNNVD ID

CNNVD-202510-3468

CVE-2025-62523

  • CNNVD Published: 2025-10-27

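Description (translated from Chinese)

PILOS is an open-source front-end application from THM. Versions of PILOS before 4.8.0 contain a security vulnerability caused by an improper cross-origin resource sharing (CORS) configuration, which may allow malicious websites to send requests that include credentials.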

Description (English)

PILOS is an open-source front-end application from THM. PILOS versions before 4.8.0 contain a security vulnerability that stems from an improper cross-origin resource sharing (CORS) configuration, which could allow malicious websites to send requests that include credentials.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

THM

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8
  • https://github.com/THM-Health/PILOS/security/advisories/GHSA-pgfw-f4mp-5445
  • https://access.redhat.com/security/cve/cve-2025-62523

Patch

https://github.com/THM-Health/PILOS/releases
