CVE-2025-7078
BaseFortify
Publication date: 2025-07-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 07fly | 07flycms | to 1.3.9 (inc) |
| 07fly | customer_relationship_management | to 1.3.9 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7078 is a Cross-Site Request Forgery (CSRF) vulnerability affecting 07FLYCMS, 07FLY-CMS, and 07FlyCRM versions up to 1.3.9. It occurs because the web applications do not properly verify whether requests are intentionally made by authenticated users, allowing attackers to trick users into submitting malicious requests that perform unauthorized actions on their behalf. This can be exploited remotely without authentication, relying on user interaction. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your behalf within the affected applications if you are an authenticated user. This can compromise data integrity and potentially lead to unwanted changes or actions being executed without your consent. Since the exploit is public and no mitigations are known, the risk remains until the vulnerability is addressed or the product is replaced. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring for unauthorized or suspicious requests to the vulnerable endpoint, such as `http://erp.07fly.net:80/oa/OaLeave/del.html?id=18`. Since the vulnerability exploits the lack of CSRF protections, you can look for unusual POST or GET requests to this URL or similar endpoints in your logs. No specific commands are provided in the resources, but general approaches include using web server log analysis tools or intrusion detection systems to identify forged requests. Additionally, reviewing user activity for unexpected actions on the affected CMS versions (up to 1.3.9) may help detect exploitation attempts. [1, 2]
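The log review described above, as an added example that is not part of this record or of the vendor's software: a small Python scanner over web server access logs in the common "combined" format. Only the endpoint path `/oa/OaLeave/del.html` comes from the advisory; the host name `cms.example.internal`, the attacker host and the log lines themselves are constructed for the example. A request to the state-changing endpoint is flagged when it arrives as a GET, when its Referer is missing, or when its Referer points at another origin.

```python
import re
from urllib.parse import urlsplit

# Apache/Nginx "combined" log format (assumed; adjust if your server logs differently).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# State-changing endpoint path named in the advisory (query string is stripped before comparing).
SENSITIVE_PATHS = {"/oa/OaLeave/del.html"}


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def check_entry(entry, site_host):
    """Return the reasons a request to a sensitive path looks like a forged cross-site request."""
    path = urlsplit(entry["path"]).path
    if path not in SENSITIVE_PATHS:
        return []
    reasons = []
    if entry["method"] == "GET":
        # A state change reachable by GET can be triggered by an <img> or a plain link.
        reasons.append("state change via GET")
    ref = entry["referer"]
    if ref in ("", "-"):
        reasons.append("missing Referer on state-changing request")
    else:
        ref_host = urlsplit(ref).hostname or ""
        if ref_host.lower() != site_host.lower():
            reasons.append(f"cross-origin Referer {ref_host}")
    return reasons


def scan_log(lines, site_host):
    """Scan log lines and return (ip, time, method, path, reasons) for each suspicious request."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = check_entry(entry, site_host)
        if reasons:
            findings.append((entry["ip"], entry["time"], entry["method"], entry["path"], reasons))
    return findings


# Constructed sample log: one legitimate same-origin POST, one cross-site GET, one unrelated
# request, and one GET to the endpoint with no Referer at all.
SAMPLE_LOG = [
    '10.0.0.5 - alice [06/Jul/2025:10:00:01 +0000] "POST /oa/OaLeave/del.html?id=18 HTTP/1.1" 200 512 '
    '"http://cms.example.internal/oa/OaLeave/index.html" "Mozilla/5.0"',
    '10.0.0.5 - alice [06/Jul/2025:10:05:42 +0000] "GET /oa/OaLeave/del.html?id=18 HTTP/1.1" 200 512 '
    '"http://attacker.example.net/page.html" "Mozilla/5.0"',
    '10.0.0.7 - - [06/Jul/2025:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.5 - alice [06/Jul/2025:10:07:13 +0000] "GET /oa/OaLeave/del.html?id=19 HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, method, path, reasons in scan_log(SAMPLE_LOG, "cms.example.internal"):
        print(f"{when} {ip} {method} {path}: {', '.join(reasons)}")
```

The Referer check is a heuristic: browsers and privacy extensions strip or truncate the Referer on many navigations, so a missing Referer is a weak signal on its own, and the combined log format does not record the Origin header that would be more reliable. Treat a hit as a pointer to the user's session activity around that timestamp rather than as proof of exploitation.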
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected software with alternative products, as no vendor patches or mitigations have been published. Since the vulnerability is a CSRF flaw, implementing CSRF protections such as anti-CSRF tokens in requests can help if you have the ability to modify the application. Additionally, educating users to avoid clicking on suspicious links and restricting access to the vulnerable endpoints can reduce risk. Monitoring and blocking suspicious traffic targeting the vulnerable URLs is also recommended. [2]
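The anti-CSRF token protection recommended above, as an added Python example that is not part of this record and not the vendor's code (07FlyCMS is not written in Python; the handler shape, the in-memory session and record store, and the function names are all assumptions made for illustration). It places an unprotected delete handler matching the flaw pattern in the advisory beside a hardened one that requires POST, checks a per-session synchronizer token with a constant-time comparison, and also checks that the caller owns the record (the CWE-862 authorization gap listed for this CVE).

```python
import hmac
import secrets


def issue_csrf_token(session):
    """Create a per-session synchronizer token once and store it server-side.

    The token is embedded in the site's own forms; a cross-site page cannot read it.
    """
    token = session.get("csrf_token")
    if token is None:
        token = secrets.token_urlsafe(32)
        session["csrf_token"] = token
    return token


def csrf_token_valid(session, submitted):
    """Compare the submitted token with the session's token in constant time."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def delete_leave_unprotected(session, method, params, store):
    """Shape of the flaw: any request carrying a valid session cookie deletes the record.

    No method restriction, no CSRF token, no ownership check (CWE-352 and CWE-862).
    """
    rid = int(params["id"])
    return store.pop(rid, None) is not None


def delete_leave_protected(session, method, params, store):
    """Hardened handler: POST only, valid CSRF token, and the caller must own the record."""
    # A forged <img> or link can only produce a GET; refuse state changes on GET.
    if method != "POST":
        return False
    # A cross-site form cannot supply the session's token, so the request is rejected here.
    if not csrf_token_valid(session, params.get("csrf_token")):
        return False
    rid = int(params["id"])
    record = store.get(rid)
    # Authorization check: only the owner of the record may delete it.
    if record is None or record.get("owner") != session.get("user"):
        return False
    del store[rid]
    return True


if __name__ == "__main__":
    # Constructed session and record store for demonstration.
    session = {"user": "alice"}
    store = {18: {"owner": "alice"}, 19: {"owner": "bob"}}
    print("GET without token:", delete_leave_protected(session, "GET", {"id": "18"}, store))
    token = issue_csrf_token(session)
    print("POST with token:", delete_leave_protected(session, "POST", {"id": "18", "csrf_token": token}, store))
```

In a real deployment the token is rendered into each form as a hidden field and the session lives in the application's session store; marking the session cookie `SameSite=Lax` or `Strict` adds a second, browser-enforced layer, but the server-side token check is the control that does not depend on client behaviour.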