High severity8.1NVD Advisory· Published May 23, 2018· Updated Jun 17, 2026
CVE-2018-7295
CVE-2018-7295
Description
ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 4.21, 4.25
Patches
Vulnerability mechanics
References
1- raw.githubusercontent.com/WizardShotTheFood/advisories/master/CVE-2018-7295.txtnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.