CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an exact match. For example, a malicious origin like "notexample.com", "example.common.net" is whitelisted when the site's CORS policy specifies "example.com." This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://elysiajs.com
https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts
https://github.com/elysiajs/elysia-cors/tree/main
https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-20 15:15

Updated : 2025-08-22 18:09

NVD link : CVE-2025-50864

Mitre link : CVE-2025-50864

CVE.ORG link : CVE-2025-50864

JSON object : View

Products Affected

No product.

CWE

CWE-178

Improper Handling of Case Sensitivity

{"id": "CVE-2025-50864", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-08-20T15:15:32.990", "references": [{"url": "http://elysiajs.com", "source": "[email protected]"}, {"url": "https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts", "source": "[email protected]"}, {"url": "https://github.com/elysiajs/elysia-cors/tree/main", "source": "[email protected]"}, {"url": "https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-178"}]}], "descriptions": [{"lang": "en", "value": "An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an exact match. For example, a malicious origin like \"notexample.com\", \"example.common.net\" is whitelisted when the site's CORS policy specifies \"example.com.\" This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation."}, {"lang": "es", "value": "Un error de validaci\u00f3n de origen en elysia-cors library hasta la versi\u00f3n 1.3.0 permite a los atacantes eludir las restricciones de Cross-Origin Resource Sharing (CORS). La librer\u00eda valida incorrectamente el origen proporcionado comprobando si es una subcadena de alg\u00fan dominio en la pol\u00edtica CORS del sitio, en lugar de realizar una coincidencia exacta. Por ejemplo, un origen malicioso como \"notexample.com\" o \"example.common.net\" se incluye en la lista blanca cuando la pol\u00edtica CORS del sitio especifica \"example.com\". Esta vulnerabilidad permite el acceso no autorizado a los datos de usuario en sitios que utilizan la librer\u00eda elysia-cors para la validaci\u00f3n CORS."}], "lastModified": "2025-08-22T18:09:17.710", "sourceIdentifier": "[email protected]"}