CVE-2025-25772

CVSS 3.1 Score 5.1 of 10 (medium)

Details

Published Feb 21, 2025

CWE ID 352

Summary

CVE-2025-25772 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Jspxcms versions 9.0 to 9.5. This issue lies in the /back/UserController.java component, which enables attackers to create new Administrator accounts by making crafted requests. An attacker could exploit this flaw through a specially designed web page to submit unauthorized requests on behalf of a user, leading to the addition of unwanted Administrator accounts and potential security breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3IEfBA
https://www.cve.org/CVERecord?id=CVE-2025-25772
https://nvd.nist.gov/vuln/detail/CVE-2025-25772

Back to Vulnerability Database

CVE-2025-25772

CVSS 3.1 Score 5.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations