CVE-2025-28244 · HIGH 8.8 · EPSS p35.8%

Description

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.45% probability of exploitation · percentile 35.8% · 2026-06-19T12:03:05Z
Published: 2025-07-10
Last modified: 2025-07-17

Underlying weaknesses · 1

CWE-922

References

  1. https://alteryx.com
  2. https://gist.github.com/DylanGrl/2771afe86bdd2665b83f28c1ff5c12eb

Type: Weakness
Target: Insecure Storage of Sensitive Information (cwe-922)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-28243
  2. CVE-2025-63291
  3. CVE-2026-25848
  4. CVE-2025-24456
  5. CVE-2025-58334
  6. Adobe ColdFusion Improper Access Control Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.