CVE-2025-48740 Information

Description

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim’s behalf if the attacker lures a privileged user authenticated with basic authentication.

Reference

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md
