Vulnerability Description: Use of GET Request Method With Sensitive Query Strings - CWE-598
Software Version: 2.0
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-24948
CVSS:
Severity:
Credits: Alberto Arganese, Cristian Castrechini, Federico Draghelli, Massimiliano Brolli
Passwords are sent in the query string of HTTP GET requests, potentially exposing credentials to eavesdropping or to storage in insecure logs.
Security Impact
Because the query string of a GET request is part of the URL, passwords can be stored in server logs, browser cache, or browsing history, increasing exposure to eavesdropping or unauthorized access.
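The server-log exposure described above can be checked for and cleaned up with a small scanner. This is an added example, not code from the advisory or the affected product: it finds GET requests in combined-format access log lines whose query string carries a credential parameter and emits a redacted copy of each line. The parameter names, paths and log lines are assumptions constructed for illustration; the advisory does not name the affected endpoint or parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names; the advisory does not name the affected parameter.
SENSITIVE = {"password", "passwd", "pwd", "pass"}

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, [sensitive parameter names found])."""
    parts = urlsplit(target)
    found, pairs = [], []
    # Match on the decoded parameter name, never on the value.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan(lines):
    """Return (line_no, parameter names, redacted line) for each GET carrying a credential."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        redacted, found = redact_target(m.group("target"))
        if found:
            findings.append((no, found, line.replace(m.group("target"), redacted)))
    return findings

# Constructed sample log lines (documentation address range, made-up paths and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /login?user=alice&password=S3cr%26t HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2025:10:00:09 +0000] "GET /search?q=password+policy HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2025:10:00:12 +0000] "GET /api/auth?PWD=hunter2&next=%2Fhome HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for no, names, line in scan(SAMPLE_LOG):
        print(f"line {no}: credential parameter(s) {names} in GET query string")
        print("  " + line)
```

Any password found this way should be treated as disclosed and rotated, since copies may also exist in proxy logs, browser history and caches that this scan does not reach.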