CVE-2025-58272

LOW

Web Caster V130 <1.08 - CSRF

Title source: llm

Description

Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.

References (3)

[Third Party Advisory] https://jvn.jp/en/jp/JVN65839588/

[Various Sources] https://www.ntt-east.co.jp/info/detail/220903_01.html

[Various Sources] https://www.ntt-west.co.jp/info/support/oshirase20250903.html

Scores

CVSS v3 3.7

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

Classification

CWE

CWE-352

Status draft

Timeline

Published Sep 03, 2025

Tracked Since Feb 18, 2026