CVE-2025-52968

ADVISORY - nist

Summary

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.

EPSS Score⁠: 0.00012 (0.013)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDCVE-2025-52968⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-420⁠

CVSS SCORE

2.7low

Alpine

CREATED

5 months ago

UPDATED

9 days ago

ADVISORY IDCVE-2025-52968⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

7 months ago

UPDATED

9 days ago

ADVISORY IDCVE-2025-52968⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2025-52968⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

7 months ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-52968⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-420⁠

CVSS SCORE

2.7low

CVE-2025-52968

Summary

Common Weakness Enumeration (CWE)

CWE-420⁠

CWE-420⁠

Advisories

NIST

CVSS SCORE

Alpine

Debian

CVSS SCORE

Ubuntu

CVSS SCORE

Red Hat

CVSS SCORE