MidnightBSD

Advisories for flyfrontier

CVE-2025-62236

The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
flyfrontier frontier_airlines -