CVE-2025-14266 LOW

CVE-2025-14266: CSRF in Ercom Cryptobox administration console

Vendor Ercom
Product Cryptobox
Weakness CWE-352 · CSRF
Published December 17, 2025
Last update December 17, 2025

CVSS base score

0.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U

What the vulnerability does

01Description

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

Key dates

02Disclosure timeline

December 17, 2025 CVE published
December 17, 2025 Record updated