CVE-2025-28876

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 11, 2025

CWE ID 352

Summary

CVE-2025-28876 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Skrill Official software from version n/a through 1.0.65. A CSRF attack forces an unwilling user to perform unintended actions on a web application in which they are currently authenticated. In this case, an attacker can exploit the flaw to induce users to perform unauthorized transactions or modifications in their Skrill account. To mitigate this risk, users should enable and properly configure CSRF tokens in their applications and ensure they do not click on suspicious links or download unverified files.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4OF3nO
https://www.cve.org/CVERecord?id=CVE-2025-28876
https://nvd.nist.gov/vuln/detail/CVE-2025-28876

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-28876

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations