CVE-2025-28244

Published: Jul 10, 2025Modified: Jul 17, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

Affected (1)

Products: Alteryx: Alteryx Server

Alteryx

1 product

Alteryx Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Alteryx Alteryx Server	Version 2023.1.1.460

Related CWEs

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (2)

https://alteryx.com

Source: cve@mitre.org

Product

https://gist.github.com/DylanGrl/2771afe86bdd2665b83f28c1ff5c12eb

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

Timeline

No history available yet.