CVE-2025-5033

MEDIUM

TeaCMS 2.0.2 - CSRF

Title source: llm

Description

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 354 stars

by xiaobingby · javawriteup

https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK

References (4)

[Exploit, Issue Tracking] https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.309853

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.309853

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.580729

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 20.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-862 CWE-352

Status published

Affected Products (1)

teacms_project/teacms

Timeline

Published May 21, 2025

Tracked Since Feb 18, 2026