CVE-2025-25967
HIGH 8.8
Description
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 3/3/2025
Last modified: 3/6/2025
Source: nvd
Honeypot sightings: 0
Affected products
ddsn:acora_cms
Weaknesses (CWE)
CWE-352
References
https://github.com/padayali-JD/CVE-2025-25967 (cve@mitre.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.