CVE-2023-25264

EPSS 0.58% · P69 Updated Mar 18, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-25264

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Tornado 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Tornado是中国龙卷风科技（Tornado）社区的一个Python Web框架和异步网络库。该库通过使用非阻塞网络I / O，可以扩展到成千上万的开放连接，使其非常适合长时间轮询， WebSocket和其他需要与每个用户建立长期连接的应用程序。 Docmosis Tornado 2.9.5之前版本存在安全漏洞，该漏洞源于未经身份验证的攻击者可以通过引入带有相对路径段的特制请求来完全绕过身份验证检查过滤器。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2023-25264

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-25264

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-02-28 · 42 CVEs total

CVE-2023-26105	7.5 HIGH	mde utilities 安全漏洞
CVE-2023-27371	5.9 MEDIUM	GNU libmicrohttpd 缓冲区错误漏洞
CVE-2023-25432		Online Reviewer Management System SQL注入漏洞
CVE-2023-20948		Google Android 缓冲区错误漏洞
CVE-2023-22995		Linux kernel 安全漏洞
CVE-2023-22996		Linux kernel 安全漏洞
CVE-2023-22997		Linux kernel 代码问题漏洞
CVE-2023-22998		Linux kernel 安全漏洞
CVE-2023-22999		Linux kernel 代码问题漏洞
CVE-2023-25265		Tornado 路径遍历漏洞
CVE-2023-25266		Tornado 安全漏洞
CVE-2023-25431		Online Reviewer Management System 跨站脚本漏洞
CVE-2023-20945		Google Android 缓冲区错误漏洞
CVE-2023-26255		Jira plugin STAGIL Navigation 路径遍历漏洞
CVE-2023-26256		Jira plugin STAGIL Navigation 路径遍历漏洞
CVE-2023-27292		OpenCats 输入验证错误漏洞
CVE-2023-27293		OpenCats 跨站脚本漏洞
CVE-2023-27294		OpenCats 跨站脚本漏洞
CVE-2023-27295		OpenCats 跨站请求伪造漏洞
CVE-2023-27320		Sudo 资源管理错误漏洞

Showing top 20 of 42 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2023-25264

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-25264

I. Basic Information for CVE-2023-25264

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-25264

III. Intelligence Information for CVE-2023-25264

Same Patch Batch · n/a · 2023-02-28 · 42 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-25264

Leave a comment