CVE-2025-25107

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Feb 7, 2025

CWE ID 352

Summary

CVE-2025-25107 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the sainwp OneStore Sites. This issue allows malicious actors to make unauthorized requests on behalf of users who have previously visited the site and are still logged in. The vulnerability spans from an undisclosed version to 0.1.1. A successful exploit could result in unintended actions, such as account takeover or data modification, highlighting the importance of applying the necessary patches promptly to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3Byxeo
https://www.cve.org/CVERecord?id=CVE-2025-25107
https://nvd.nist.gov/vuln/detail/CVE-2025-25107

Back to Vulnerability Database

CVE-2025-25107

CVSS 3.1 Score 9.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations