CVE-2025-21618

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1
https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w

Configurations

No configuration.

History

06 Jan 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 17:15

Updated : 2025-01-06 17:15

NVD link : CVE-2025-21618

Mitre link : CVE-2025-21618

CVE.ORG link : CVE-2025-21618

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

7.5 /10