What is the CVSS score of CVE-2025-5410?

CVE-2025-5410 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Mist are affected by CVE-2025-5410?

Organizations using Mist Community Edition should be aware of moderate risk from CVE-2025-5410, a cross-site request forgery vulnerability rated CVSS 4.3.. A patch is available.

Is there a public PoC exploit available for CVE-2025-5410?

Yes, a public proof-of-concept exploit is available for CVE-2025-5410. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-5410?

Within 30 days: Identify affected systems running Mist Community Edition and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.

Mist CVE-2025-5410

EUVD-2025-16585 MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2025-06-01 cna@vuldb.com

CSRF Mist

4.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.3 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 16:42 euvd

EUVD-2025-16585

Analysis Generated

Mar 14, 2026 - 16:42 vuln.today

Patch released

Mar 14, 2026 - 16:42 nvd

Patch available

PoC Detected

Nov 25, 2025 - 14:55 vuln.today

Public exploit code

CVE Published

Jun 01, 2025 - 23:15 nvd

MEDIUM 4.3

DescriptionCVE.org

A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Analysis

Technical ContextAI

Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).

RemediationAI

A vendor patch is available — apply it immediately. Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.

CVE-2025-5410 vulnerability details – vuln.today

Back

Mist CVE-2025-5410

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code