CVE-2025-60535

HIGH LAB

Wallos v4.1.1 - CSRF

Title source: llm

Description

A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.

References (3)

Core 3

Core References

Various Sources

http://wallos.com

Various Sources

https://github.com/ellite/Wallos/

View Writeup ZIP pw:eip

Various Sources

https://github.com/vityuasd/VulList/blob/main/CVE-2025-60535.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 7.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull bellamy/wallos:latest

https://github.com/vityuasd/VulList

https://github.com/ellite/Wallos

View in Library

Details

CWE

CWE-352

Status published

Published Oct 14, 2025

Tracked Since Feb 18, 2026