Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-28244

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

Published

2025-07-10T19:15:24.527

Last Modified

2025-07-17T00:57:28.573

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	alteryx	alteryx_server	2023.1.1.460	Yes

References

https://alteryx.com Product ([email protected])
https://gist.github.com/DylanGrl/2771afe86bdd2665b83f28c1ff5c12eb Exploit, Third Party Advisory, Mitigation ([email protected])