CVE-2025-28355
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2025-28355 is a vulnerability affecting the Volmarg Personal Management System version 1.4.65. This issue permits attackers to execute arbitrary code and gain access to sensitive information through a Cross-Site Request Forgery (CSRF) attack. The vulnerability stems from the system's use of the insecure SameSite cookie attribute default value of "none." This misconfiguration exposes users to potential data theft and unauthorized actions. Attackers can exploit this flaw by inducing victims to click on a specially crafted link, leading to unintended actions being performed in their name. It is crucial that users and administrators update their systems to a secure version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.