CVE-2025-58576

MEDIUM

GroupSession <5.3.0-5.3.2 - CSRF

Title source: llm

Description

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed.

References (2)

[Vendor Advisory] https://groupsession.jp/info/info-news/security20251208

[Third Party Advisory] https://jvn.jp/en/jp/JVN19940619/

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352

Status published

Affected Products (3)

groupsession/groupsession < 5.3.0

groupsession/groupsession < 5.3.2

groupsession/groupsession < 5.3.3

Timeline

Published Dec 12, 2025

Tracked Since Feb 18, 2026