CVE-2025-28244

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
alteryxalteryx_server
2023.1.1.460
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://alteryx.com
https://gist.github.com/DylanGrl/2771afe86bdd2665b83f28c1ff5c12eb