8.6
CVE-2025-54256
- EPSS 0.17%
- Veröffentlicht 09.09.2025 18:17:30
- Zuletzt bearbeitet 15.09.2025 14:20:49
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Dreamweaver Desktop | Cross-Site Request Forgery (CSRF) (CWE-352)
Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a malicious link, and scope is changed.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 8.6 | 1.8 | 6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://helpx.adobe.com/security/products/dreamweaver/apsb25-91.html