CVE-2025-25967
HIGH 8.8
Description
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 3/3/2025
Last modified: 3/6/2025
Source: nvd
Honeypot observations: 0
Affected products
ddsn:acora_cms
Weaknesses (CWE)
CWE-352
References
https://github.com/padayali-JD/CVE-2025-25967 (cve@mitre.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.