CVE-2025-48740 - Vulnerability Details - OpenCVE

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Strangebee	Thehive

No data.

No data.

References

Link	Providers
https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md

History

Fri, 23 May 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 23 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication.
Weaknesses		CWE-352
References		https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md
Metrics		cvssV4_0 `{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-05-23T00:00:00.000Z

Updated: 2025-05-23T21:18:48.947Z

Reserved: 2025-05-23T00:00:00.000Z

Link: CVE-2025-48740

Vulnrichment

Updated: 2025-05-23T21:18:43.693Z

NVD

Status : Awaiting Analysis

Published: 2025-05-23T20:15:25.570

Modified: 2025-05-28T14:58:52.920

Link: CVE-2025-48740

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-48740", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-23T21:18:48.947Z", "dateReserved": "2025-05-23T00:00:00.000Z", "datePublished": "2025-05-23T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TheHive", "vendor": "StrangeBee", "versions": [{"lessThan": "5.2.16", "status": "affected", "version": "5.2.0", "versionType": "semver"}, {"lessThan": "5.3.11", "status": "affected", "version": "5.3.0", "versionType": "semver"}, {"lessThan": "5.4.10", "status": "affected", "version": "5.4.0", "versionType": "semver"}, {"lessThan": "5.5.1", "status": "affected", "version": "5.5.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-05-23T20:02:36.668Z"}, "references": [{"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2.0", "versionEndExcluding": "5.2.16"}, {"vulnerable": true, "criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3.0", "versionEndExcluding": "5.3.11"}, {"vulnerable": true, "criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.0", "versionEndExcluding": "5.4.10"}, {"vulnerable": true, "criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.0", "versionEndExcluding": "5.5.1"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-23T21:18:35.727770Z", "id": "CVE-2025-48740", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-23T21:18:48.947Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48740", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-23T21:18:35.727770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-23T21:18:43.693Z"}}], "cna": {"metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "StrangeBee", "product": "TheHive", "versions": [{"status": "affected", "version": "5.2.0", "lessThan": "5.2.16", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.11", "versionType": "semver"}, {"status": "affected", "version": "5.4.0", "lessThan": "5.4.10", "versionType": "semver"}, {"status": "affected", "version": "5.5.0", "lessThan": "5.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.2.16", "versionStartIncluding": "5.2.0"}, {"criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.3.11", "versionStartIncluding": "5.3.0"}, {"criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.10", "versionStartIncluding": "5.4.0"}, {"criteria": "cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.5.1", "versionStartIncluding": "5.5.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-05-23T20:02:36.668Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48740", "state": "PUBLISHED", "dateUpdated": "2025-05-23T21:18:48.947Z", "dateReserved": "2025-05-23T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-05-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en StrangeBee TheHive 5.2.0 anterior a 5.2.16, 5.3.0 anterior a 5.3.11, 5.4.0 anterior a 5.4.10 y 5.5.0 anterior a 5.5.1 permite a un atacante remoto activar solicitudes en nombre de su v\u00edctima, si el atacante atrae a un usuario privilegiado, autenticado con autenticaci\u00f3n b\u00e1sica."}], "id": "CVE-2025-48740", "lastModified": "2025-05-28T14:58:52.920", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-05-23T20:15:25.570", "references": [{"source": "cve@mitre.org", "url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "cve@mitre.org", "type": "Primary"}]}