Base Score

HIGH8.1

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack.

VectorNETWORK

Published Bycve@mitre.org

Published DateMar 24, 2025, 21:15

Affected Versions(2)

org.opendaylight.sfc:odl-sfc-ovs(Maven)

Introduced0

FixedN/A

LimitN/A

org.opendaylight.sfc:odl-sfc-openflow-renderer(Maven)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.opendaylight.sfc:odl-sfc-ovs(Maven)	0	N/A	N/A
org.opendaylight.sfc:odl-sfc-openflow-renderer(Maven)	0	N/A	N/A

Weakness Type (CWE):CWE-311

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://blog.csdn.net/weixin_43959580/article/details/146018166

Base Score

HIGH8.1

Weakness Type (CWE):CWE-311

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH