{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23086", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2025-01-10T19:05:52.772Z", "datePublished": "2025-01-21T04:26:10.943Z", "dateUpdated": "2025-03-22T14:00:42.023Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect."}], "affected": [{"vendor": "Brave", "product": "Desktop Browser", "versions": [{"version": "1.74.48", "status": "affected", "lessThan": "1.74.48", "versionType": "semver"}, {"version": "1.70.117", "status": "unaffected", "lessThan": "1.70.117", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/2888770"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-01-21T04:26:10.943Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T14:18:53.994412Z", "id": "CVE-2025-23086", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-22T14:00:42.023Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-23086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T14:18:53.994412Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T14:23:36.426Z"}}], "cna": {"affected": [{"vendor": "Brave", "product": "Desktop Browser", "versions": [{"status": "affected", "version": "1.74.48", "lessThan": "1.74.48", "versionType": "semver"}, {"status": "unaffected", "version": "1.70.117", "lessThan": "1.70.117", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/2888770"}], "descriptions": [{"lang": "en", "value": "On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-01-21T04:26:10.943Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23086", "state": "PUBLISHED", "dateUpdated": "2025-03-22T14:00:42.023Z", "dateReserved": "2025-01-10T19:05:52.772Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-01-21T04:26:10.943Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect."}, {"lang": "es", "value": "En la mayor\u00eda de las plataformas de escritorio, las versiones 1.70.x-1.73.x de Brave Browser inclu\u00edan una funci\u00f3n para mostrar el origen de un sitio en el cuadro de di\u00e1logo de selecci\u00f3n de archivos proporcionado por el sistema operativo cuando un sitio solicita al usuario que cargue o descargue un archivo. Sin embargo, en algunos casos, el origen no se dedujo correctamente. Cuando se combina con una vulnerabilidad de redireccionamiento abierto en un sitio confiable, esto podr\u00eda permitir que un sitio malicioso inicie una descarga cuyo origen en el cuadro de di\u00e1logo de selecci\u00f3n de archivos aparece como el sitio confiable que inici\u00f3 la redirecci\u00f3n."}], "id": "CVE-2025-23086", "lastModified": "2025-03-22T14:15:16.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-21T05:15:07.960", "references": [{"source": "support@hackerone.com", "url": "https://hackerone.com/reports/2888770"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}