CVE-2025-60949: Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments.
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.





