Description

Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.

INFO

Published Date :

2025-10-02T12:22:32.030Z

Last Modified :

2025-10-02T15:52:28.607Z

Source :

INCIBE
AFFECTED PRODUCTS

The following products are affected by CVE-2025-41010 vulnerability.

Vendors Products
Hiberus
  • Sintra
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-41010.

URL Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-origin-resource-sharing-cors-hiberus-sintra cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability