CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-46737: Origin Validation Error

7.4 CVSS

Description

SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.

Classification

CVE ID: CVE-2025-46737

CVSS Base Severity: HIGH

CVSS Base Score: 7.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Problem Types

CWE-346 Origin Validation Error

Affected Products

Vendor: Schweitzer Engineering Laboratories

Product: SEL-5037 Grid Configurator

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.15% (scored less or equal to compared to others)

EPSS Date: 2025-06-10 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46737
https://selinc.com/products/software/latest-software-versions/

Timeline

2025-05-12 17:40:24 UTC
CVE

Origin Validation Error