{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2025-06-23T15:15:29Z",
  "id": "CVE-2025-52968",
  "details": "xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.",
  "references": [
    {
      "type": "WEB",
      "url": "https://cgit.freedesktop.org/xdg/xdg-utils/tag/?h=v1.2.1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2025/06/23/1"
    }
  ],
  "database_specific": {
    "isDisputed": true
  }
}