CVE-2025-60949 is a critical vulnerability in Census CSWeb 8.0.1 that allows remote, unauthenticated attackers to access configuration files via HTTP in certain deployments. This could lead to the leakage of sensitive information. The issue has been addressed in version 8.1.0 alpha. Users of affected versions should update as soon as possible. The vulnerability has a CVSS score of 9.1, indicating a high s [truncated]
Census CSWeb 8.0.1 is vulnerable to arbitrary file upload. An authenticated remote attacker could exploit this vulnerability to upload malicious files, which might lead to remote code execution. The issue has been addressed in version 8.1.0 alpha. Users of affected versions should update to the latest version as soon as possible. This vulnerability is tracked as CVE-2025-60947.
CVE-2025-60946 is a high-severity path traversal vulnerability in Census CSWeb 8.0.1. An authenticated attacker could access unintended file directories. The issue was fixed in version 8.1.0 alpha. According to the CVE record, the vulnerability has a CVSS score of 8.8, indicating a high severity level. The source item from CISA CSAF provides detailed information about the vulnerability, including its desc [truncated]