CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-28244: Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens...

Description

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

Classification

CVE ID: CVE-2025-28244

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 24.46% (scored less or equal to compared to others)

EPSS Date: 2025-07-12 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-28244
https://alteryx.com
https://gist.github.com/DylanGrl/2771afe86bdd2665b83f28c1ff5c12eb

Timeline

2025-07-10 19:40:19 UTC
CVE

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens...