CVE-2025-28244

high

Description

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

References

https://gist.github.com/DylanGrl/2771afe86bdd2665b83f28c1ff5c12eb

https://alteryx.com

Details

Source: Mitre, NVD

Published: 2025-07-10

Updated: 2025-07-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00041

Detections

Analytics