CVE-2025-48464 - Vulnerability Details - OpenCVE

ReportizFlow

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Duckduckgo	Duckduckgo

No data.

No data.

References

Link	Providers
https://tuxplorer.com/posts/dont-leave-me-outdated/
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/

History

Thu, 09 Oct 2025 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Duckduckgo Duckduckgo duckduckgo
Vendors & Products		Duckduckgo Duckduckgo duckduckgo

Wed, 08 Oct 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 08 Oct 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
Title		Exposure of Sensitive Information
Weaknesses		CWE-200
References		https://tuxplorer.com/posts/dont-leave-me-outdated/ https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: CSA

Published: 2025-10-08T06:50:11.081Z

Updated: 2025-10-08T17:27:07.706Z

Reserved: 2025-05-22T09:41:25.401Z

Link: CVE-2025-48464

Vulnrichment

Updated: 2025-10-08T17:26:50.765Z

NVD

Status : Awaiting Analysis

Published: 2025-10-08T07:15:33.323

Modified: 2025-10-08T19:38:09.863

Link: CVE-2025-48464

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48464", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2025-05-22T09:41:25.401Z", "datePublished": "2025-10-08T06:50:11.081Z", "dateUpdated": "2025-10-08T17:27:07.706Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "DuckDuckGo Browser", "vendor": "DuckDuckGo", "versions": [{"status": "affected", "version": "5.246.0 and below"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Leng Kang Hao"}], "datePublic": "2025-10-08T06:49:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.\n\n<br>"}], "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-10-08T06:50:11.081Z"}, "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/"}, {"url": "https://tuxplorer.com/posts/dont-leave-me-outdated/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.\n\n<br>"}], "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately."}], "source": {"discovery": "UNKNOWN"}, "title": "Exposure of Sensitive Information", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-08T17:23:36.909136Z", "id": "CVE-2025-48464", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-08T17:27:07.706Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48464", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-08T17:23:36.909136Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-08T17:26:50.765Z"}}], "cna": {"title": "Exposure of Sensitive Information", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Leng Kang Hao"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "DuckDuckGo", "product": "DuckDuckGo Browser", "versions": [{"status": "affected", "version": "5.246.0 and below"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.", "supportingMedia": [{"type": "text/html", "value": "Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.\n\n<br>", "base64": false}]}], "datePublic": "2025-10-08T06:49:00.000Z", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-097/"}, {"url": "https://tuxplorer.com/posts/dont-leave-me-outdated/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.", "supportingMedia": [{"type": "text/html", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim\u2019s Sync account data such as account credentials and email protection information.\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-10-08T06:50:11.081Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48464", "state": "PUBLISHED", "dateUpdated": "2025-10-08T17:27:07.706Z", "dateReserved": "2025-05-22T09:41:25.401Z", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "datePublished": "2025-10-08T06:50:11.081Z", "assignerShortName": "CSA"}, "dataVersion": "5.1"}