
Comodo Dragon CVE-2025-8204

Severity: LOW (CVSS 4.0 base score 1.3, NVD)
Weakness: Improperly Implemented Security Check for Standard (CWE-358)
Published: 2025-07-26 (CNA: cna@vuldb.com)

Severity by source

NVD (primary): 1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD; it is the only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Passive (UI:P)
Scope: X (not defined)

Lifecycle Timeline

1. Analysis generated: Apr 29, 2026 01:49 (vuln.today)

Description (CVE.org)

A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Comodo Dragon browser versions up to 134.0.6998.179 contain an HSTS Handler vulnerability that bypasses security checks for standard compliance, allowing remote attackers with user interaction to disclose sensitive information. The CVSS score of 1.3 reflects high attack complexity and limited integrity impact, but public exploit code is available and the vendor did not respond to early disclosure, leaving affected users without official patches.

Technical Context (AI)

The vulnerability exists in the HSTS (HTTP Strict Transport Security) Handler component of Comodo Dragon, a Chromium-based browser. HSTS is a web security mechanism that forces browsers to communicate with web servers exclusively over HTTPS, protecting against downgrade attacks and man-in-the-middle interception. The flaw identified as CWE-358 (Improperly Implemented Security Check for Standard) suggests the browser fails to properly validate or enforce HSTS policies, potentially allowing attackers to bypass the security enforcement that should prevent HTTP connections to HTTPS-only domains. This weakness could permit information disclosure through protocol downgrade or insecure communication channels.
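To make the enforcement described above concrete, here is an added Python model of a browser-side HSTS policy store following RFC 6797. It is not Comodo Dragon's code and does not reproduce the specific flaw; it shows the checks a correct HSTS handler has to perform: ignore Strict-Transport-Security headers received over plain HTTP, reject malformed headers, honour max-age expiry, match includeSubDomains against superdomains, and rewrite http:// requests to https:// for known hosts. The host names, header values and fake clock are constructed sample values.

```python
"""Minimal model of a browser's HSTS policy store (RFC 6797).

Added illustration; not Comodo Dragon's implementation. All host names and
timestamps used in the self-test at the bottom are constructed sample values.
"""
import time
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsEntry:
    expires: float           # absolute clock value after which the policy is stale
    include_subdomains: bool


def parse_sts_header(value):
    """Parse a Strict-Transport-Security header value.

    Returns (max_age, include_subdomains), or None when the header must be
    ignored: max-age missing or non-numeric, or a directive repeated
    (RFC 6797 section 6.1 forbids duplicate directives).
    """
    max_age = None
    include_subdomains = False
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_subdomains = True
        # unknown directives (e.g. preload) are ignored, as the RFC requires
    if max_age is None:
        return None
    return max_age, include_subdomains


class HstsStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._entries = {}   # host -> HstsEntry

    def observe(self, host, header_value, over_https=True):
        """Record an STS header received from `host`.

        Section 8.1: a header that arrived over a non-secure transport must be
        ignored, otherwise an on-path party could plant or clear policies.
        max-age=0 removes an existing entry. Returns True if the store changed.
        """
        if not over_https:
            return False
        parsed = parse_sts_header(header_value)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        host = host.lower()
        if max_age == 0:
            self._entries.pop(host, None)
            return True
        self._entries[host] = HstsEntry(self._clock() + max_age, include_subdomains)
        return True

    def is_known_host(self, host):
        """Section 8.2/8.3: exact match, or a superdomain entry that carries
        includeSubDomains. Expired entries never count."""
        now = self._clock()
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None or entry.expires <= now:
                continue
            if i == 0 or entry.include_subdomains:
                return True
        return False

    def rewrite(self, url):
        """Section 8.3: upgrade http:// to https:// for a known host. An
        explicit port 80 becomes the default 443; other ports are kept."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known_host(parts.hostname or ""):
            return url
        netloc = parts.hostname
        if parts.port is not None and parts.port != 80:
            netloc = f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    clock = [1000.0]                       # constructed fake clock, in seconds
    store = HstsStore(clock=lambda: clock[0])
    store.observe("example.test", "max-age=3600; includeSubDomains")
    print(store.rewrite("http://api.example.test:8080/v1"))   # upgraded
    store.observe("plain.test", "max-age=3600", over_https=False)
    print(store.rewrite("http://plain.test/"))                # untouched
```

The store is deliberately driven by an injectable clock so that expiry can be tested without sleeping; a real browser additionally persists the entries and ships a preload list, which this model omits.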

Remediation (AI)

No vendor-released patch is currently available, as Comodo did not respond to early disclosure. Users should monitor Comodo's release notes and security advisories for future updates addressing this HSTS Handler flaw. As an interim compensating control, users should upgrade to the latest available version of Comodo Dragon or consider switching to alternative browsers (such as Chrome, Firefox, or Edge) that have active security update cycles and vendor support. For organizations using Comodo Dragon, configure endpoint protection to block HTTPS downgrades at the network layer using a Web Content Filtering solution, though this adds infrastructure complexity. Disable non-HTTPS communication policies in browser group policies if available, though this may break legitimate workflows requiring mixed-protocol access.
