CVE-2025-14266

Ercom Cryptobox - CSRF

Title source: llm

Description

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

References (1)

[Various Sources] https://info.cryptobox.com/doc/v4.39/4.39.en/#fix2

Scores

EPSS 0.0003

EPSS Percentile 7.7%

Classification

CWE

CWE-352

Status draft

Timeline

Published Dec 17, 2025

Tracked Since Feb 18, 2026