CVE-2025-60949 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: March 23, 2026
Census CSWeb - Information Disclosure
Overview
Census CSWeb 8.0.1 contains an information disclosure vulnerability caused by "app/config" files being reachable over HTTP, which lets remote, unauthenticated attackers obtain leaked secrets. Exploitation requires no special privileges.
Impact
Remote attackers can access configuration files and obtain sensitive secrets, risking data exposure and system compromise.
Mitigation
Update to version 8.1.0 alpha or later.
Social Media Activity (2 posts)
CVE-2025-60949 - Critical (9.1) Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha. https://www.thehackerwire.com/vulnerability/CVE-2025-60949/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2025-60949
- Severity: Critical
- CVSS Score: 9.1
- Type: information_disclosure
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-200
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N