CVE-2025-25967

HIGH

Ddsn Acora Cms - CSRF

Title source: rule

Description

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.

Exploits (1)

nomisec WRITEUP

by padayali-JD · poc

https://github.com/padayali-JD/CVE-2025-25967

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/padayali-JD/CVE-2025-25967

Scores

CVSS v3 8.8

EPSS 0.0043

EPSS Percentile 62.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

ddsn/acora_cms 10.1.1

Published Mar 03, 2025

Tracked Since Feb 18, 2026