CVE Catalog

CVE-2025-5521

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

A cross-site request forgery (CSRF) vulnerability was found in WuKongOpenSource WukongCRM 9.0 in the file /system/user/updataPassword. The attack can be launched remotely, and exploit details have been publicly disclosed.

Risk Assessment

The risk involves an attacker being able to perform unauthorized password changes, potentially leading to account takeover and data confidentiality breaches.

Recommendation

Immediately implement CSRF protection mechanisms such as anti-CSRF tokens, and consider updating the system or applying temporary patches from the vendor.

Original NVD description (English source)

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS