CVE-2025-23801

Summary

CVE-2025-23801 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Benjamin Guy Style Admin platform. This issue enables attackers to execute Stored Cross-Site Scripting (XSS) attacks against unsuspecting users. The CSRF vulnerability allows an attacker to craft malicious requests that can be executed on behalf of the victim when they visit a compromised website. The Stored XSS vulnerability then allows the attacker to inject malicious scripts into the platform, which can then be executed on subsequent visits by the victim, potentially leading to data theft or other malicious activities. This issue affects all versions of Style Admin from n/a through 1.4.3. Users are strongly advised to update their platforms to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.