CVE-2025-14117

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14117

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14117.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14117

Published

2025-12-06T06:15:53.913Z

Modified

2026-03-14T12:41:37.245685Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/halo-dev/halo

Affected ranges

Type

GIT

Repo

https://github.com/halo-dev/halo

Events

Introduced

Last affected

d57c4d8070de0972d2e5a8cb3c37889e99b51a03

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.21.10"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1

v0.1.1

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v1.*

v1.0.0

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-beta.4

v1.0.0-beta.5

v1.0.0-beta.6

v1.0.0-beta.7

v1.0.0-beta.8

v1.0.0-beta.9

v1.0.1

v1.0.2

v1.0.2-beta.1

v1.0.3

v1.1.0

v1.1.0-beta.1

v1.1.0-beta.2

v1.1.0-beta.3

v1.1.1

v1.1.3-beta.1

v1.1.3-beta.2

v1.2.0

v1.2.0-beta.1

v1.2.0-beta.2

v1.2.0-beta.3

v1.2.0-beta.4

v1.2.0-beta.5

v1.3.0

v1.3.0-beta.1

v1.3.0-beta.2

v1.3.0-beta.3

v1.3.0-beta.4

v1.3.1

v1.3.2

v1.4.0

v1.4.0-beta.1

v1.4.0-beta.2

v1.4.0-beta.3

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.2

v1.4.3

v1.4.3-beta.1

v1.4.3-beta.2

v1.4.3-beta.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.7-beta.1

v1.4.8

v1.4.9

v1.5.0-alpha.1

v2.*

v2.0.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-alpha.3

v2.0.0-alpha.4

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.1

v2.0.0-rc.2

v2.1.0

v2.1.0-rc.1

v2.10.0

v2.10.0-alpha.1

v2.10.0-beta.1

v2.11.0

v2.11.0-rc.1

v2.11.0-rc.2

v2.12.0

v2.12.0-alpha.1

v2.12.0-alpha.2

v2.12.0-beta.1

v2.12.0-beta.2

v2.12.0-rc.1

v2.12.0-rc.2

v2.12.3

v2.13.0

v2.13.0-rc.1

v2.14.0

v2.14.0-rc.1

v2.15.0

v2.15.0-rc.1

v2.16.0

v2.16.0-rc.1

v2.16.0-rc.2

v2.17.0

v2.17.0-alpha.1

v2.17.0-alpha.2

v2.17.0-beta.1

v2.17.0-rc.1

v2.18.0

v2.18.0-rc.1

v2.19.0

v2.19.0-rc.1

v2.19.0-rc.2

v2.19.0-rc.3

v2.19.0-rc.4

v2.2.0

v2.20.0

v2.20.0-rc.1

v2.20.0-rc.2

v2.20.1

v2.20.10

v2.20.11

v2.20.12

v2.20.13

v2.20.14

v2.20.15

v2.20.16

v2.20.17

v2.20.18

v2.20.19

v2.20.2

v2.20.20

v2.20.21

v2.20.3

v2.20.4

v2.20.5

v2.20.6

v2.20.7

v2.20.8

v2.20.9

v2.21.0

v2.21.0-alpha.1

v2.21.0-alpha.2

v2.21.0-beta.1

v2.21.0-beta.2

v2.21.1

v2.21.10

v2.21.2

v2.21.3

v2.21.4

v2.21.5

v2.21.6

v2.21.7

v2.21.8

v2.21.9

v2.3.0

v2.3.0-rc.1

v2.4.0

v2.4.0-rc.1

v2.5.0

v2.5.0-rc.1

v2.5.0-rc.2

v2.5.1

v2.6.0

v2.6.0-rc.1

v2.7.0

v2.7.0-rc.1

v2.7.0-rc.2

v2.8.0

v2.8.0-rc.1

v2.8.0-rc.2

v2.9.0

v2.9.0-rc.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14117.json"