MidnightBSD

Advisories for irohasoft

CVE-2025-41404

Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.

Products Affected

Vendor Product Version
irohasoft iroha_board *
CVE-2025-48497

Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered.

Products Affected

Vendor Product Version
irohasoft iroha_board *