CVE-2025-61987
MEDIUMDescription
GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed.
Is your site exposed to CVE-2025-61987?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| groupsession | groupsession |
| groupsession | groupsession |
| groupsession | groupsession |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-61987? +
How severe is CVE-2025-61987? +
What products are affected by CVE-2025-61987? +
How do I check if I'm vulnerable to CVE-2025-61987? +
Related Vulnerabilities
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and …
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to …
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting …
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a …
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there …
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue …