CVE-2024-12564 MEDIUM

CVE-2024-12564: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK before 2025.3

Vendor Open Design Alliance
Product CDE inWEB SDK
Weakness CWE-200 · Info exposure
Published December 12, 2024
Last update September 11, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01 Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit the Prometheus metrics page. The exposed metrics can tell attackers more about the target application, which may help in further investigation and exploitation.

Key dates

02 Disclosure timeline

December 12, 2024 CVE published
September 11, 2025 Record updated