VYPR
Medium severity · NVD Advisory · Published May 23, 2025 · Updated Apr 15, 2026

CVE-2025-48740

Description

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-Site Request Forgery in TheHive allows an attacker to execute privileged actions on behalf of a user who is authenticated with basic authentication.

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in TheHive versions prior to 5.2.16, 5.3.11, 5.4.10, and 5.5.1 when basic authentication is enabled. The application fails to implement anti-CSRF tokens or other protections, so an attacker can craft requests that the browser sends in the context of a legitimate user's session. Basic authentication matters here because the browser attaches the cached Authorization header to cross-site requests automatically, so the server cannot tell a forged request from one the user intended.
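As an added illustration (not TheHive's code, and not a documented workaround for this CVE), the kind of server-side check the advisory says is absent: state-changing requests must carry a same-site Origin (or Referer) and a custom header that a cross-site HTML form cannot add, while the Authorization header is ignored because the browser supplies it on forged requests too. The application origin and the sample requests are constructed for the example.

```python
from urllib.parse import urlsplit

# Hypothetical origin of the protected application (constructed for this example).
ALLOWED_ORIGINS = {"https://thehive.example.internal"}
# Methods that must not change state; they pass without further checks.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# A plain cross-site HTML form cannot set this header, and a script that adds it
# triggers a CORS preflight that a non-permissive server will not approve.
REQUIRED_HEADER = "X-Requested-With"

def _origin_of(headers):
    """scheme://host[:port] from Origin or, failing that, Referer; None if neither."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/").lower()
    parts = urlsplit(headers.get("Referer", ""))
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}".lower()
    return None

def csrf_check(method, headers):
    """Return (allowed, reason). The Authorization header is deliberately ignored:
    under basic auth the browser attaches cached credentials to cross-site requests
    too, so its presence says nothing about whether the user intended the action."""
    headers = {k.title(): v for k, v in headers.items()}  # case-insensitive lookup
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = _origin_of(headers)
    if origin is None:
        return False, "no Origin or Referer on state-changing request"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin}"
    if REQUIRED_HEADER not in headers:
        return False, f"missing {REQUIRED_HEADER} header"
    return True, "same-origin request with custom header"

# Constructed samples: a form auto-submitted from another site, which the browser
# sends with the cached basic-auth header, and the application's own API call.
FORGED_FORM_POST = {"Origin": "https://attacker.example",
                    "Content-Type": "application/x-www-form-urlencoded",
                    "Authorization": "Basic dXNlcjpwYXNz"}  # "user:pass", constructed
LEGIT_XHR_POST = {"Origin": "https://thehive.example.internal",
                  "Content-Type": "application/json", "X-Requested-With": "XMLHttpRequest",
                  "Authorization": "Basic dXNlcjpwYXNz"}

if __name__ == "__main__":
    for name, req in (("forged", FORGED_FORM_POST), ("legitimate", LEGIT_XHR_POST)):
        print(name, csrf_check("POST", req))
```

Pairing this with SameSite cookies or a per-session token is the usual production layering; the Origin and custom-header checks alone already defeat the auto-submitted form the advisory describes.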

Exploitation

An unauthenticated remote attacker can exploit this by luring a privileged user, who is authenticated via basic authentication, into visiting a crafted webpage. The attacker can then forge requests to perform actions such as changing the victim's password or escalating privileges, without the victim's knowledge.

Impact

Successful exploitation enables an attacker to perform sensitive operations on behalf of the victim, potentially leading to privilege escalation or account compromise. The CVSS v4.0 base score is 5.9 (Medium), with high impact on integrity and no impact on confidentiality.

Mitigation

The issue is fixed in TheHive versions 5.2.16, 5.3.11, 5.4.10, and 5.5.1. Users are advised to upgrade to a patched version. No workarounds are documented [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.