CVE-2025-46737 HIGH

CVE-2025-46737: Origin Validation Error

Vendor Schweitzer Engineering Laboratories
Product SEL-5037 Grid Configurator
Weakness CWE-346 · Origin validation
Published May 12, 2025
Last update May 12, 2025

CVSS base score

7.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.

Key dates

02Disclosure timeline

May 12, 2025 CVE published
May 12, 2025 Record updated