CVE-2025-21618: NiceGUI On Air authentication issue

7.5 CVSS

Description

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1.

Classification

CVE ID: CVE-2025-21618

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

Affected Products

Vendor: zauberzeug

Product: nicegui

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w
https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1

Timeline