CVE-2025-24720

Summary

CVE-2025-24720 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Sticky Buttons software from version n/a through 4.1.1. An attacker can exploit this issue by tricking a user into performing unwanted actions on a targeted website. The attacker does not require any user interaction on the vulnerable site itself, making it a serious security risk. The vulnerability can lead to unintended data changes or unauthorized actions, potentially compromising the affected user's account or even the entire system. Users are advised to update their Sticky Buttons installation as soon as a patch is available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.