MEDIUM Severity
CVE-2025-5410
Cross-Site Request Forgery in Mist Community Edition
Overview
A cross-site request forgery vulnerability has been detected in Mist Community Edition up to version 4.7.1. The vulnerability affects the 'session_start_response' function of the 'src/mist/api/auth/middleware.py' file. Upgrading to version 4.7.2 addresses the issue.
Technical Details
The flaw allows an attacker to trigger state-changing operations in the context of an authenticated user's session, which constitutes cross-site request forgery. The attack can be initiated remotely over the network. The issue has been publicly disclosed, so it is exploitable in practice.
CVSS Metrics
- CVSS Base Score: 5.3
- Attack Vector: NETWORK
- Attack Complexity: LOW
- User Interaction: PASSIVE
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: NONE
- Base Severity: MEDIUM
Impact
Attackers can manipulate user data and perform operations on behalf of a user without that user's consent.
Recommendations
Upgrade the Mist Community Edition software to version 4.7.2 or later to mitigate the vulnerability.