CVE-2025-25264: Overly Permissive CORS Policy in WAGO Device Manager

Published Jun 16, 2025

Updated

An unauthenticated remote attacker can trick an admin to visit a website containing malicious java script code. The current overly permissive CORS policy allows the attacker to obtain any files from the file system.

Affected Software

1 affected component

WAGO Device Manager

Event History

Jun 16, 2025

CVE Published

via MITRE·09:45 AM

Data Sourced

via MITRE·09:45 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·10:15 AM

DescriptionSeverityWeakness

Apr 30, 57860

Event

via MITRE·11:07 AM

Frequently Asked Questions

What is the severity of CVE-2025-25264?

CVE-2025-25264 is considered a high severity vulnerability due to its potential to expose sensitive data.

How do I fix CVE-2025-25264?

To fix CVE-2025-25264, update the WAGO Device Manager to the latest version that addresses the overly permissive CORS policy.

Who is affected by CVE-2025-25264?

Users of WAGO Device Manager are affected by CVE-2025-25264 due to the vulnerability in its CORS configuration.

What can an attacker do with CVE-2025-25264?

An attacker exploiting CVE-2025-25264 can gain unauthorized access to responses, potentially leading to exposure of sensitive data.

Is CVE-2025-25264 a remote vulnerability?

Yes, CVE-2025-25264 is a remote vulnerability that allows unauthenticated attackers to exploit the CORS policy.

CVE-2025-25264: Overly Permissive CORS Policy in WAGO Device Manager

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-25264?

How do I fix CVE-2025-25264?

Who is affected by CVE-2025-25264?

What can an attacker do with CVE-2025-25264?

Is CVE-2025-25264 a remote vulnerability?

Company

Resources

Contact