Vulnerability in Usebruno Bruno

CVE-2025-30354

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the p…

EPSS: 0.002 (43.3th percentile) — read the EPSS interpretation.

Affected products

Usebruno Bruno — versions < 1.39.1

Weakness classification (CWE)

CWE-942 — Permissive Cross-domain Policy with Untrusted Domains

References

https://github.com/usebruno/bruno/security/advisories/GHSA-hffg-7v8v-79j3 (x_refsource_CONFIRM)