CVE-2025-60949
Published
CVSS v3
9.1
CRITICAL
CVSS v2
N/A
Affected
2
PROJECTS
Description
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
Web application that allows users to securely transfer cases or files between client devices and a web server.
GitHub