CVE-2025-24538

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 27, 2025

CWE ID 352

Summary

CVE-2025-24538 is a Cross-Site Request Forgery (CSRF) vulnerability affecting BuddyPress Groups Extras. This issue permits malicious actors to submit unintended commands on behalf of other users, potentially leading to unauthorized actions within the affected platform. The vulnerability exists in versions of BuddyPress Groups Extras from n/a through 3.6.10, making it crucial for users to update their systems as soon as a patch becomes available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2ums_5
https://www.cve.org/CVERecord?id=CVE-2025-24538
https://nvd.nist.gov/vuln/detail/CVE-2025-24538

Back to Vulnerability Database

CVE-2025-24538

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations