CNNVD-202511-1607 Information

CNNVD ID

CNNVD-202511-1607

Related CVE

CVE-2025-52186

• CNNVD Published: 2025-11-13

Description (Chinese)

lila是Lichess开源的一个无广告和开源的国际象棋服务器。 lila存在安全漏洞，该漏洞源于游戏导出API中players参数未经验证直接传递，可能导致服务端请求伪造。

Description (English)

lila is a non-advertising and open chess server for Lichess. There is a security loophole in lila, which stems from the unverified direct transmission of the game ’ s API ’ s Players parameters, which may lead to the forgery of service requests.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Lichess

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/lichess-org/lila/commit/11b4c0fb00f0ffd8232346f839627005459c8f05c https://hackerone.com/reports/3165242 https://access.redhat.com/security/cve/cve-2025-52186