CNNVD-202510-3612 Information

CNNVD ID

CNNVD-202510-3612

CVE-2025-12245

  • CNNVD Published: 2025-10-27

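Description (translated from Chinese)

Chatwoot is an open-source application from Chatwoot: a customer engagement suite and an open-source alternative to Intercom, Zendesk, Salesforce Service Cloud, and similar products. Chatwoot 4.7.0 and earlier versions contain an access control error vulnerability. It stems from incorrect handling of the parameter baseUrl in the file app/javascript/sdk/IFrameHelper.js, which results in an origin validation error.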

Description (English)

Chatwoot is an open-source application from Chatwoot. It is a customer engagement suite, an open-source alternative to Intercom, Zendesk, Salesforce Service Cloud, etc. Chatwoot 4.7.0 and previous versions have an access control vulnerability, which results from an origin validation error caused by improper handling of the parameter baseUrl in the file app/javascript/sdk/IFrameHelper.js.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Chatwoot

Published

2025-10-27

Last Modified

2026-02-24

References

  • https://hckwr.com/blog/multiple-vulnerabilities-in-chatwoot/
  • https://vuldb.com/?ctiid.329916
  • https://vuldb.com/?id.329916
  • https://vuldb.com/?submit.673800
