216.73.217.98

CVE-2025-25967

· Published 03/03/2025 19:15 · Modified 06/03/2025 12:25

Labels: CVE-2025-25967 2025-03-03CVE-2025-25967CWE-352[email protected]

Essential information

Published
03/03/2025 19:15
Modified
06/03/2025 12:25
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ddsn / acora cms cpe:2.3:a:ddsn:acora_cms:10.1.1:*:*:*:*:*:*:*

References