CVE-2025-47910

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47910

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47910.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-47910

Aliases

Downstream

BELL-CVE-2025-47910

DEBIAN-CVE-2025-47910

ECHO-4b0c-aa52-8cd0

MINI-24f2-x7fr-m342

MINI-2w7h-j3h9-mv7x

MINI-4hpm-82fv-wfpw

MINI-4m32-m46x-6ggw

MINI-4x9x-c74x-hcrh

MINI-5qw6-3cpj-m26g

MINI-5rwx-q93j-qfjh

MINI-5whx-h64v-6wgw

MINI-5x97-32j2-7rqx

MINI-67mx-9fxf-j347

MINI-6c66-69mv-3hv5

MINI-6fcq-54j4-r4ww

MINI-6j65-g856-qpgc

MINI-6x9w-4p3x-6gjr

MINI-7362-7hr9-wx3j

MINI-7jxf-m295-gwm7

MINI-7mfp-2rmc-4fxw

MINI-7v4r-87wj-cw54

MINI-8c2f-5357-rfxf

MINI-8r52-949j-p23p

MINI-8w35-2fmc-5fc4

MINI-92xh-6365-grmm

MINI-9c3w-h6fm-q638

MINI-c38q-wr6h-cjjj

MINI-c75x-f5xv-gp8f

MINI-cqpq-q762-4wgj

MINI-cvqp-xmj7-6c25

MINI-f2rx-8v3p-q4xq

MINI-fvq3-c2pw-9mw7

MINI-g5jm-m3f5-pw78

MINI-g7v7-g7c9-q4r7

MINI-g8gj-vm2q-8p46

MINI-h4h3-3phf-8j8r

MINI-hp8m-42h3-8p5h

MINI-hx6m-37h4-fm53

MINI-j925-7733-4rxp

MINI-jjcv-cpqw-w94q

MINI-m8pq-7pp7-ggfq

MINI-mffr-5q75-w5c8

MINI-p88v-2p9f-cp5h

MINI-p9cr-hrf9-jj2j

MINI-p9jj-8r4f-6rxf

MINI-pc7j-jg9f-vvxf

MINI-pqwm-cqjp-jrp8

MINI-pvff-983p-94cc

MINI-pxjf-r5hq-w8h8

MINI-qh7h-jcc2-qpq9

MINI-qq5v-4f33-m43r

MINI-qw42-m5qx-xx88

MINI-r925-wx67-cjv3

MINI-rfqx-6wwv-46fj

MINI-rh9p-9hf8-2jp6

MINI-rr55-52p5-fxx9

MINI-vm2m-jvr3-gcgp

MINI-vv2c-5xvc-vcww

MINI-w552-95h5-2xpv

MINI-wr63-6qpp-3jgh

MINI-wx9q-mf75-jg55

MINI-x33r-h4c6-p8g7

MINI-x5f7-cxcp-h4w6

MINI-x7x7-f632-v3vx

MINI-xc5g-p28r-45g4

UBUNTU-CVE-2025-47910

Related

Published

2025-09-22T21:15:59Z

Modified

2025-09-24T23:41:28.146106Z

Summary

[none]

Details

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

References

Affected packages