← back
CVE-2025-64781

CVE-2025-64781

CVSS 5.1 MEDIUMEPSS 0.2%CWE-1188
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.2%KEV nãoPoC Patch
Lifecycle
12 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Japan Total System Co.,Ltd. · GroupSession byCloudJapan Total System Co.,Ltd. · GroupSession Free editionJapan Total System Co.,Ltd. · GroupSession ZION

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://groupsession.jp/info/info-news/security20251208https://jvn.jp/en/jp/JVN19940619/