Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-56527

Good to know:

icon
icon

Date: November 17, 2025

Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2025-56527
https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363?pvs=74
https://github.com/Cinnamon/kotaemon/commit/37cdc28
https://github.com/Cinnamon/kotaemon
https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73
https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure
https://www.mend.io/vulnerability-database/CVE-2025-56527

Severity Score

Weakness Type (CWE)

Plaintext Storage of a Password

CWE-256

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/Cinnamon/kotaemon.git - v0.11.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us