CVE-2025-28355

MEDIUM

Personal-management-system Personal Management System - CSRF

Title source: rule

Description

Volmarg Personal Management System 1.4.65 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute, whose default value is set to None.

Exploits (1)

nomisec WRITEUP
by abbisQQ · poc
https://github.com/abbisQQ/CVE-2025-28355

Scores

CVSS v3 4.7
EPSS 0.0016
EPSS Percentile 37.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
personal-management-system/personal_management_system 1.4.65
Published Apr 18, 2025
Tracked Since Feb 18, 2026