PatchSiren cyber security CVE debrief
CVE-2025-60175 vynnus CVE debrief
CVE-2025-60175 is a medium-severity vulnerability affecting PopAd versions up to 1.0.4. This issue is classified as an Administrator Server Side Request Forgery (SSRF) vulnerability.
- Vendor
- vynnus
- Product
- PopAd
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of PopAd versions up to 1.0.4 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 4.4 and is categorized as CWE-918. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N.
Defensive priority
Administrators should prioritize updating PopAd to a version that fixes this vulnerability.
Recommended defensive actions
- Update PopAd to a version that fixes this vulnerability.
- Review and restrict administrator access to prevent exploitation.
Evidence notes
The vulnerability was reported by [email protected] and has a reference on Patchstack.
Official resources
-
CVE-2025-60175 CVE record
CVE.org
-
CVE-2025-60175 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2025-60175 was published on 2026-06-15T21:16:38.060Z and modified on 2026-06-15T21:24:32.790Z.