CVE-2025-14266

Published: Dec 17, 2025

Modified: Dec 17, 2025

PUBLISHED

Description

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

Vendor	Product	Versions
Ercom	Cryptobox	affected `4.0.0 - < 4.37.229` affected `4.38.0 - < 4.39.200`

Weaknesses (CWE)

CWE-352

References

https://info.cryptobox.com/doc/v4.39/4.39.en/#fix2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-14266

Description

Affected Products

Weaknesses (CWE)

References