CVE-2025-23572
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-23572 is a newly identified vulnerability in the UpDownUpDown application developed by Dave Konopka and Martin Scharm. It is a Cross-Site Request Forgery (CSRF) issue, which allows an attacker to make unauthorized requests on behalf of a user, potentially causing actions to be performed without their knowledge or consent. The flaw also includes Stored Cross-Site Scripting (XSS), which enables an attacker to inject malicious scripts into a webpage so that they execute in the browsers of unsuspecting users. Affected UpDownUpDown versions are listed as n/a through 1.1. Users are advised to update their applications as soon as possible to mitigate these risks.