CVE-2025-22963

This repository contains a writeup describing a CSRF vulnerability (CVE-2025-22963) in Teedy versions <= v1.11, which allows attackers to force authenticated users to change their user information, including passwords, leading to potential account takeover.

This repository documents a CSRF vulnerability (CVE-2025-22963) in Teedy versions <= v1.11, where an attacker can force a user to change their account details, including passwords, via a crafted POST request to `/api/user/:username`. The writeup includes a detailed explanation, proof-of-concept request, and a proposed fix involving CSRF tokens.