External Control of Assumed-Immutable Web Parameter

CVE-2025-59382

Low

1.2/10

Summary

QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: ACTIVE
Privileges Required: NONE

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References

Advisory Timeline

Published Jun 10, 2026

External Control of Assumed-Immutable Web Parameter

CVE-2025-59382

Summary

CWE-472 - External Control of Assumed-Immutable Web Parameter

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS