CVE-2025-25967

Published Mar 3, 2025

Last updated a month ago

Overview

Description: Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-352
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-352

Hype score: Not currently trending

CVE-2025-25967 Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized act… https://t.co/FZ04PkJzkO
@CVEnew
7 Mar 2025
228 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ddsn:acora_cms:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEA57E21-C43F-4273-A2B2-6DE0D9991F97"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References