CVE-2025-25967

High CVSS: 8.8

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.

Vendor

Ddsn

Product

Acora Cms

CWE

CWE-352

Yayın Tarihi

2025-03-03 19:15:35

Güncelleme

2025-03-06 12:25:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-352 Acora Cms HIGH Ddsn 2025

Referanslar

https://github.com/padayali-JD/CVE-2025-25967

Benzer Kayıtlar

Critical

CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to a…

Medium

CVE-2025-25968

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged us…

High

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused…