CVE-2025-25772

MEDIUM EPSS 5.8%
Published Feb 21, 20251y ago · Modified Jun 17, 20261w ago
5.1 CVSS 3.1
Medium
Find Similar
Published Feb 21, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.

CVSS Details

Base Score
5.1
Exploitability
2.5
Impact
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
5.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 1

VendorProductVersionRange
ujcmsjspxcms*≥9.0.0  –  ≤9.5.0

References 1

  • yuque.com https://www.yuque.com/u123456789-6sobi/cdgcbq/pkwoqmkamcm9854r?singleDoc#%E3%80%8AjspXcms_csrf%E3%80%8B
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.