CVE-2025-27912

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://datalust.co/seq	Product
https://github.com/datalust/seq-tickets/issues/2366	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-11 08:15

Updated : 2025-10-10 20:19

NVD link : CVE-2025-27912

Mitre link : CVE-2025-27912

CVE.ORG link : CVE-2025-27912

JSON object : View

Products Affected

datalust

seq

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-27912", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-11T08:15:11.727", "references": [{"url": "https://datalust.co/seq", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/datalust/seq-tickets/issues/2366", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Datalust Seq antes de 2024.3.13545. La falta de validaci\u00f3n de tipo de contenido puede generar CSRF cuando (1) se utiliza la autenticaci\u00f3n de Entra ID o OpenID Connect y un usuario visita un sitio comprometido o malicioso, o (2) cuando se utiliza la autenticaci\u00f3n de nombre de usuario/contrase\u00f1a o Active Directory y un usuario visita un sitio comprometido o malicioso bajo el mismo dominio de nivel superior efectivo que el servidor Seq. La explotaci\u00f3n de la vulnerabilidad permite al atacante realizar ataques de suplantaci\u00f3n de identidad y realizar acciones en Seq en nombre del usuario objetivo."}], "lastModified": "2025-10-10T20:19:26.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBFB8DE4-1528-498F-A553-99520A5788F8", "versionEndExcluding": "2024.3.13545"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}