CVE-2025-49004

EUVD-2025-17570 | HIGH | CVSS 3.1: 7.5 | 2025-06-09

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Apr 16, 2026 - 06:43: Analysis Updated (EUVD-patch-fix, executive_summary)
Apr 16, 2026 - 05:29: Re-analysis Queued (backfill_euvd_patch, patch_released)
Apr 16, 2026 - 05:29: patch_available (EUVD, 0.48.0)
Mar 14, 2026 - 19:21: Analysis Generated (vuln.today)
Mar 14, 2026 - 19:21: EUVD ID Assigned (euvd, EUVD-2025-17570)
Jun 09, 2025 - 21:15: CVE Published (nvd, HIGH 7.5)

Description (NVD)

Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch.

Analysis (AI)

DNS rebinding vulnerability in Caido (web security auditing toolkit) versions prior to 0.48.0 that allows attackers to hijack the authentication flow and achieve remote code execution. An attacker can load Caido on an attacker-controlled domain through DNS rebinding attacks, either during initial setup or by re-initiating the authentication flow on an already-configured instance. The vulnerability requires user interaction (UI:R) but poses high impact (C:H, I:H, A:H) with a CVSS score of 7.5, and the patch is available in version 0.48.0.

Technical Context (AI)

This vulnerability exploits inadequate DNS rebinding protection, a class of attack (CWE-290: Improper Authentication) where an attacker manipulates DNS responses to cause a victim's browser to access attacker-controlled infrastructure while appearing to access a legitimate domain. Caido is a local web security auditing application that likely runs on localhost and provides a web-based dashboard interface. The vulnerability allows an attacker-controlled website to interact with the local Caido instance through the browser's same-origin policy bypass via DNS rebinding. The root cause is the absence of proper Host header validation, DNS pinning, or other DNS rebinding mitigations that would prevent the browser from connecting to attacker infrastructure after an initial legitimate DNS resolution. The authentication flow vulnerability suggests that Caido's authentication mechanism (possibly involving dashboard.caido.io as an OAuth-like provider) can be hijacked when the local instance is compromised.
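A sketch of the Host header validation named above as the missing control, added here as an example and not taken from Caido's code or its 0.48.0 patch. Requests that reach a local service through a rebound name still carry that non-local name in the Host header, so a loopback-only service can refuse anything that is not `localhost` or a loopback address. The function names, the allowlist and the sample header values are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the service listens on loopback only and is addressed as "localhost".
ALLOWED_NAMES = {"localhost"}


def split_host_header(value):
    """Return (host, port or None) from a Host header value, or None if malformed."""
    value = value.strip()
    if not value or any(c in value for c in " \t/@,"):
        return None
    if value.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:] if rest else None
    else:
        host, sep, port = value.partition(":")
        port = port if sep else None
    if port is not None:
        # A second ":" (unbracketed IPv6) or a non-numeric port fails here.
        if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
            return None
    return host.lower().rstrip("."), port


def is_local_host_header(value):
    """True only if Host names 'localhost' or a loopback IP literal."""
    parsed = split_host_header(value or "")
    if parsed is None:
        return False
    host, _port = parsed
    if host in ALLOWED_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # any other DNS name, including look-alikes
        return False


if __name__ == "__main__":
    # Constructed sample Host values, not taken from real traffic.
    for h in ["localhost:8080", "[::1]:8080", "rebind.example.test:8080",
              "127.0.0.1.example.test", ""]:
        print(repr(h), "->", "accept" if is_local_host_header(h) else "reject (403)")
```

A server would run this check before routing and answer any rejected request with an error, leaving the authentication endpoints unreachable under a non-local name.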

Remediation (AI)

Immediate remediation: Upgrade Caido to version 0.48.0 or later, which includes DNS rebinding protection patches. The vendor has addressed this through Host header validation and/or DNS pinning mechanisms.

Interim mitigations for users unable to upgrade immediately:
(1) Avoid accessing untrusted websites while Caido is running;
(2) Run Caido in isolated network environments with restricted outbound access;
(3) Use browser security features to restrict local network access (e.g., secure context requirements);
(4) Monitor Caido logs for suspicious authentication attempts;
(5) Implement network-level controls to restrict DNS rebinding attacks via DNS64/IPv6 filtering if applicable.

The patch is straightforward: download and install Caido 0.48.0+ from the official source. Verify patch application by checking the version in Caido's about/settings page.
