CVE-2025-46737
📋 TL;DR
SEL-5037 Grid Configurator contains an overly permissive CORS configuration that allows unauthorized cross-origin requests to its data gateway API. This vulnerability enables attackers to perform cross-site request forgery (CSRF) and potentially access sensitive data. Organizations using SEL-5037 Grid Configurator with the vulnerable configuration are affected.
💻 Affected Systems
- SEL-5037 Grid Configurator
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could perform CSRF attacks to execute unauthorized commands, modify grid configurations, or exfiltrate sensitive operational data from the gateway service.
Likely Case
Malicious websites could make unauthorized API calls to the gateway service, potentially accessing configuration data or performing limited unauthorized actions.
If Mitigated
With proper CORS restrictions, only authorized origins can access the API, preventing cross-origin attacks while maintaining legitimate functionality.
🎯 Exploit Status
Exploitation requires the attacker to lure a victim to a malicious website while they have an active session with the Grid Configurator.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest version from SEL website
Vendor Advisory: https://selinc.com/products/software/latest-software-versions/
Restart Required: Yes
Instructions:
1. Download the latest SEL-5037 Grid Configurator from the vendor website.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the application/service.
🔧 Temporary Workarounds
Restrict CORS Origins
Configure the gateway service to only accept requests from specific trusted origins
Modify CORS configuration in gateway service settings to specify allowed origins
Network Segmentation
Isolate the Grid Configurator service from untrusted networks
Configure firewall rules to restrict access to gateway service ports
🧯 If You Can't Patch
- Implement strict network access controls to limit gateway service exposure
- Deploy web application firewall with CORS policy enforcement
🔍 How to Verify
Check if Vulnerable:
Test CORS configuration by attempting cross-origin requests to the gateway API from unauthorized domains
Check Version:
Check application version in Grid Configurator about dialog or configuration files
Verify Fix Applied:
Verify CORS headers in API responses only allow authorized origins and test cross-origin request blocking
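The verification steps above amount to sending requests with different Origin headers and judging the CORS headers that come back. The following is an added example, not code from SEL or from this advisory: it classifies a response as permissive or restricted using only the standard CORS response headers, and runs that check against two constructed stand-in gateways (one that reflects any Origin, one that honours an allow-list). The allow-list, the probe origins and the `send` transport are assumptions; in practice `send` would wrap an HTTP client pointed at the gateway API.

```python
# Added example: judge a gateway API's CORS policy from its response headers.
# Not SEL code; origins and header values are constructed for illustration.

ALLOWED_ORIGINS = {"https://configurator.example.internal"}  # assumed allow-list
UNTRUSTED_ORIGIN = "https://attacker.example"                 # constructed probe origin


def evaluate_cors(request_origin, response_headers):
    """Return (vulnerable, findings) for one request/response pair.

    request_origin   -- the Origin header that was sent
    response_headers -- dict of response headers (case-insensitive keys)
    """
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    credentials = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = []

    if acao is None:
        return False, findings  # no cross-origin access granted at all
    if acao == "*":
        findings.append("wildcard Access-Control-Allow-Origin")
    elif acao == "null":
        findings.append("'null' origin allowed (sandboxed iframes, file: pages)")
    elif acao == request_origin and request_origin not in ALLOWED_ORIGINS:
        findings.append("untrusted Origin reflected verbatim")

    if credentials and findings:
        if acao == "*":
            # Browsers refuse '*' together with credentials, so the session
            # cookie is not usable cross-site; the intent is still permissive.
            findings.append("credentials flag set with wildcard (rejected by browsers)")
        else:
            findings.append("credentials allowed: session cookies sent and "
                            "responses readable from the untrusted origin")
    return bool(findings), findings


def probe_gateway(send):
    """Probe with an untrusted origin, the 'null' origin and a trusted origin.

    `send(origin) -> headers` is an injected transport so the check runs
    offline; wire it to a real client to test a deployed gateway.
    """
    probes = [UNTRUSTED_ORIGIN, "null", next(iter(sorted(ALLOWED_ORIGINS)))]
    return {origin: evaluate_cors(origin, send(origin)) for origin in probes}


def is_gateway_vulnerable(send):
    """True if any probe origin was granted access it should not have."""
    return any(vuln for vuln, _ in probe_gateway(send).values())


# Constructed stand-ins for the two states described in the advisory.
def permissive_gateway(origin):
    """Echoes whatever Origin it receives and allows credentials."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def restricted_gateway(origin):
    """Answers only allow-listed origins; no CORS headers otherwise."""
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


if __name__ == "__main__":
    for name, gw in (("permissive", permissive_gateway),
                     ("restricted", restricted_gateway)):
        print(name, "vulnerable" if is_gateway_vulnerable(gw) else "ok")
        for origin, (vuln, findings) in probe_gateway(gw).items():
            print("  ", origin, findings)
```

The `Vary: Origin` header on the restricted stand-in is there because a gateway that echoes an allow-listed origin must also tell caches not to serve that response to a different origin; a fix that omits it can leak the allow-listed header to another origin through an intermediate cache.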
📡 Detection & Monitoring
Log Indicators:
- Unauthorized origin requests to gateway API
- CORS policy violation errors
- Unexpected API calls from external domains
Network Indicators:
- Cross-origin requests to gateway service endpoints
- Preflight OPTIONS requests from unauthorized domains
SIEM Query:
source="gateway_service" AND (http_referer NOT IN allowed_domains OR origin NOT IN allowed_origins)
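The SIEM query above expresses the detection logic in pseudo-syntax. As an added example (not part of the advisory, and not SEL tooling), here is the same rule applied to gateway access-log lines in Python: it flags requests whose Origin is outside the allow-list, preflight OPTIONS requests from unauthorized origins, and requests whose Referer points outside the allowed domains, and records whether the gateway actually served the request. The log line format, the allow-list and the sample lines are all constructed; adjust the regular expression to the real gateway log layout.

```python
# Added example: detect the advisory's log indicators in gateway access logs.
# Log format, allow-list and sample lines are constructed for illustration.
import re
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://configurator.example.internal"}  # assumed allow-list

# Constructed access-log sample; assumed layout:
#   <timestamp> <client> <method> <path> <status> origin="..." referer="..."
SAMPLE_LOG = """\
2025-06-01T10:00:01Z 10.0.5.21 GET /api/devices 200 origin="https://configurator.example.internal" referer="https://configurator.example.internal/devices"
2025-06-01T10:00:05Z 10.0.5.21 OPTIONS /api/devices 204 origin="https://attacker.example" referer="-"
2025-06-01T10:00:06Z 10.0.5.21 GET /api/devices 200 origin="https://attacker.example" referer="https://attacker.example/page"
2025-06-01T10:00:09Z 10.0.5.40 GET /api/settings 200 origin="-" referer="-"
2025-06-01T10:00:12Z 10.0.5.21 POST /api/settings 200 origin="-" referer="https://evil.example/form"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<path>\S+) '
    r'(?P<status>\d{3}) origin="(?P<origin>[^"]*)" referer="(?P<referer>[^"]*)"$'
)


def origin_of(url):
    """Reduce a URL to its origin (scheme://host[:port]); None if malformed."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" if p.scheme and p.netloc else None


def classify(entry):
    """Return the list of indicator names that match one parsed log entry."""
    reasons = []
    origin, referer = entry["origin"], entry["referer"]

    # Origin header present and not on the allow-list: a cross-origin call.
    if origin not in ("-", "") and origin not in ALLOWED_ORIGINS:
        if entry["method"] == "OPTIONS":
            reasons.append("preflight from unauthorized origin")
        else:
            reasons.append("cross-origin request from unauthorized origin")

    # Referer outside the allowed domains (covers clients that omit Origin).
    if referer not in ("-", "") and origin_of(referer) not in ALLOWED_ORIGINS:
        reasons.append("referer outside allowed domains")
    return reasons


def scan_log(text):
    """Parse log text and return one alert per suspicious entry."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line; in production count these too
        e = m.groupdict()
        reasons = classify(e)
        if reasons:
            alerts.append({
                "ts": e["ts"], "client": e["client"], "method": e["method"],
                "path": e["path"], "reasons": reasons,
                # A 2xx/3xx answer to an unauthorized origin means the
                # permissive policy is live, not merely being probed.
                "served": int(e["status"]) < 400,
            })
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a["ts"], a["client"], a["method"], a["path"],
              "served" if a["served"] else "blocked", "; ".join(a["reasons"]))
```

A successful preflight followed within seconds by a served request from the same client and the same unauthorized origin (lines 2 and 3 of the sample) is the pattern to escalate first: it shows the browser was granted the cross-origin call, which is exactly what the fix is meant to stop.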