CVE-2025-4515 | Zylon PrivateGPT up to 0.6.2 settings.yaml allow_origins cross-domain policy

A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains.

This vulnerability is uniquely identified as CVE-2025-4515. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4515 | Zylon PrivateGPT up to 0.6.2 settings.yaml allow_origins cross-domain policy

Post correlati

CVE-2023-49982 | School Fees Management System 1.0 /admin/management/users access control

CVE-2024-10975 | HashiCorp Nomad/Nomad Enterprise up to 1.9.1 Container Storage Interface authorization

CVE-2024-31223 | Ethyca Fides up to 2.39.1 Environment Variable unknown vulnerability

CVE-2024-47586 | SAP NetWeaver Application Server for ABAP and ABAP Platform HTTP Request null pointer dereference