CVE-2025-55744

MEDIUM

UnoPim <0.2.1 - CSRF

Title source: llm

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.

References (2)

[Exploit] https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ

[Exploit, Vendor Advisory] https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352

Status published

Affected Products (2)

webkul/unopim < 0.2.1

unopim/unopim < 0.2.1Packagist

Timeline

Published Aug 21, 2025

Tracked Since Feb 18, 2026