CVE-2025-28355

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Apr 18, 2025
Updated: Apr 21, 2025
CWE ID 352

Summary

CVE-2025-28355 is a vulnerability affecting the Volmarg Personal Management System version 1.4.65. This issue permits attackers to execute arbitrary code and gain access to sensitive information through a Cross-Site Request Forgery (CSRF) attack. The vulnerability stems from the system's use of the insecure SameSite cookie attribute default value of "none." This misconfiguration exposes users to potential data theft and unauthorized actions. Attackers can exploit this flaw by inducing victims to click on a specially crafted link, leading to unintended actions being performed in their name. It is crucial that users and administrators update their systems to a secure version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share