Skip to main content

Acceptance of Extraneous Untrusted Data With Trusted Data

CVE-2025-29842

High
7.5/10

Summary

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

References

Advisory Timeline

  • Published