CVE-2025-29722

MEDIUM

Yassmittal Commercify - CSRF

Title source: rule

Description

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.

Exploits (1)

nomisec WRITEUP

by cypherdavy · poc

https://github.com/cypherdavy/CVE-2025-29722

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/cypherdavy/CVE-2025-29722

[Product] https://github.com/yassmittal/Commercify

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

yassmittal/commercify 1.0

Published Apr 17, 2025

Tracked Since Feb 18, 2026