CVE-2025-54541

EPSS 0.02%
Veröffentlicht 28.08.2025 11:15:32
Zuletzt bearbeitet 08.09.2025 16:56:22
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensolution ≫ Quick.Cms Version6.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.023

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvd@cert.pl	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://cert.pl/posts/2025/08/CVE-2025-54540

Third Party Advisory

https://opensolution.org

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-54541

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54541

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54541

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-54541