CVE-2025-22963

High CVSS: 7.5

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.

Vendor

Product

CWE

Yayın Tarihi

2025-01-13 16:15:19

Güncelleme

2025-10-07 16:53:41

Source Identifier

cve@mitre.org

KEV Date Added

CWE-352 Teedy HIGH Sismics 2025

https://blog.teedy.io/ https://github.com/samplev45/CVE-2025-22963 https://github.com/sismics/docs/releases/tag/v1.11 https://github.com/sota70/teedy-v1.11-csrf

Medium

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of th…

High

CVE-2024-54851

Teedy

Critical

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnera…