CVE Alert: CVE-2025-52968
Vulnerability Summary: CVE-2025-52968
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.
Affected Endpoints:
No affected endpoints listed.
Published Date:
6/23/2025, 3:15:29 PM
❄️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://cgit.freedesktop.org/xdg/xdg-utils/tag/?h=v1.2.1
- https://www.openwall.com/lists/oss-security/2025/06/23/1
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
