How to fix CVE-2025-28244?

Within 24 hours: Identify all systems running Alteryx Server 2023.1.1.460 and assess user activity for suspicious sessions; notify affected users to change passwords immediately and review recent account activity. Within 7 days: Implement network segmentation to restrict Alteryx Server access to trusted networks only, enable enhanced logging and monitoring for session anomalies, and establish incident response procedures for potential compromised accounts. Within 30 days: Upgrade to a patched Alteryx Server version when available, or evaluate alternative workflow solutions if patching cannot be scheduled; conduct forensic audit of all user sessions during the vulnerability window.

Is Alteryx Server affected by CVE-2025-28244?

Alteryx Server 2023.1.1.460 contains a critical vulnerability that allows attackers to steal user session tokens from browser storage, potentially enabling unauthorized access to user accounts and sensitive data.

CVE-2025-28244

EUVD-2025-21051 HIGH

2025-07-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21051

PoC Detected

Jul 17, 2025 - 00:57 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 19:15 nvd

HIGH 8.8

Description

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

Analysis

A security vulnerability in the Local Storage in Alteryx Server 2023 (CVSS 8.8) that allows remote attackers. Risk factors: public PoC available.

Technical Context

Vulnerability type not specified by vendor. CVSS 8.8 indicates high severity. Affects the Local Storage in Alteryx Server 2023.

Affected Products

['the Local Storage in Alteryx Server 2023']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

CVE-2025-28244 vulnerability details – vuln.today

Back

CVE-2025-28244

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-28244

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code