← volver
CVE-2025-64781

CVE-2025-64781

CVSS 5.1 MEDIUMEPSS 0.2%CWE-1188
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Japan Total System Co.,Ltd. · GroupSession byCloudJapan Total System Co.,Ltd. · GroupSession Free editionJapan Total System Co.,Ltd. · GroupSession ZION

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://groupsession.jp/info/info-news/security20251208https://jvn.jp/en/jp/JVN19940619/