VYPR
Unrated severityNVD Advisory· Published Mar 23, 2026· Updated Mar 25, 2026

Census CSWeb leaked configuration files

CVE-2025-60949

Description

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Census/CSWebllm-fuzzy2 versions
    >=8.0.1, <8.1.0 alpha+ 1 more
    • (no CPE)range: >=8.0.1, <8.1.0 alpha
    • (no CPE)range: 8.0.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.