CVE-2019-25447

MEDIUM

OrientDB 3.0.17 GA Community - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25447. PoCs published by Ozer Goker.

AI-analyzed exploit summary The exploit demonstrates multiple CSRF and XSS vulnerabilities in OrientDB 3.0.17 GA Community Edition. It includes detailed HTTP requests for actions like creating/deleting databases, managing users, and executing stored/reflected XSS payloads.

Description

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes, manage users, and create functions by sending authenticated requests without token validation, combined with reflected and stored cross-site scripting vulnerabilities in the web interface.

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappsmultiple

https://www.exploit-db.com/exploits/46517

View Code ZIP pw:eip

The exploit demonstrates multiple CSRF and XSS vulnerabilities in OrientDB 3.0.17 GA Community Edition. It includes detailed HTTP requests for actions like creating/deleting databases, managing users, and executing stored/reflected XSS payloads.

Classification

Working Poc 95%

Attack Type

Xss | Csrf

Complexity

Trivial

Reliability

Reliable

Target: OrientDB 3.0.17 GA Community Edition

Auth required

Prerequisites: Access to OrientDB web interface · Valid session cookie or authentication credentials

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 21, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46517

Various Sources product

https://orientdb.dev/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/orientdb-cross-site-request-forgery

Scores

CVSS v3 4.3

EPSS 0.0013

EPSS Percentile 2.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

orientdb/orientdb 3.0.17

Orientdb/OrientDB 3.0.17

Published Feb 20, 2026

Tracked Since Feb 21, 2026