CVE-2025-47533

HIGH

Graphina < 3.0.4 - Cross-Site Request Forgery to Local File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-47533. PoCs published by zs1n.

AI-analyzed exploit summary: This PoC exploits an authentication bypass in Cobbler's XMLRPC interface (CVE-2024-47533) by leveraging a flawed shared secret function to execute arbitrary commands via the `background_import` method, resulting in remote code execution.

Description

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion. This issue affects Graphina: from n/a through <= 3.0.4.

Exploits (1)

nomisec · WORKING POC · 1 star
by zs1n · poc
https://github.com/zs1n/CVE-2024-47533


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Cobbler versions 3.0.0 to 3.2.3 (exclusive) and 3.3.7 (exclusive)
No auth needed
Prerequisites: Network access to Cobbler's XMLRPC API (typically port 25151) · Python 3 environment
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.1
EPSS 0.0031
EPSS Percentile 22.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-352
Status published
Products (1)
Iqonic Design/Graphina < 3.0.4
Published May 07, 2025
Tracked Since Feb 18, 2026