What is the CVSS score of EUVD-2025-21051?

EUVD-2025-21051 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Alteryx Server are affected by EUVD-2025-21051?

Alteryx Server 2023.1.1.460 contains a critical vulnerability that allows attackers to steal user session tokens from browser storage, potentially enabling unauthorized access to user accounts and…

Is there a public PoC exploit available for EUVD-2025-21051?

Yes, a public proof-of-concept exploit is available for EUVD-2025-21051. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2025-21051?

Within 24 hours: Identify all systems running Alteryx Server 2023.1.1.460 and assess user activity for suspicious sessions; notify affected users to change passwords immediately and review recent account activity. Within 7 days: Implement network segmentation to restrict Alteryx Server access to trusted networks only, enable enhanced logging and monitoring for session anomalies, and establish incident response procedures for potential compromised accounts. Within 30 days: Upgrade to a patched Alteryx Server version when available, or evaluate alternative workflow solutions if patching cannot be scheduled; conduct forensic audit of all user sessions during the vulnerability window.

Alteryx Server EUVD-2025-21051

| CVE-2025-28244 HIGH

Insecure Storage of Sensitive Information (CWE-922)

2025-07-10 cve@mitre.org

Information Disclosure Alteryx Server

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21051

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

PoC Detected

Jul 17, 2025 - 00:57 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 19:15 nvd

HIGH 8.8

DescriptionCVE.org

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

AnalysisAI

A security vulnerability in the Local Storage in Alteryx Server 2023 (CVSS 8.8) that allows remote attackers. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 8.8 indicates high severity. Affects the Local Storage in Alteryx Server 2023.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-21051 vulnerability details – vuln.today

Back

Alteryx Server EUVD-2025-21051

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code