How severe is CVE-2025-53092?

CVE-2025-53092 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-53092

Name: strapi
Author: strapi

6.5MEDIUM

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the val

게시됨: 10/16/2025업데이트됨: 11/25/2025

설명

Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper validation or whitelisting. This allows an attacker-controlled site to send credentialed requests to the Strapi backend. An attacker can exploit this by hosting a malicious site on a different origin (e.g., different port) and sending requests with credentials to the Strapi API. The vulnerability is fixed in version 5.20.0. No known workarounds exist.

AI 분석AI 기반

영향받는 제품

strapistrapi

참조

https://github.com/strapi/strapi/security/advisories/GHSA-9329-mxxw-qwf8
Vendor Advisory