CVE-2025-54174
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-08
Assigner: CERT.PL
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensolution | quick.cms | 6.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in QuickCMS's article creation functionality. An attacker can create a malicious website that, when visited by an admin user, automatically sends a POST request to QuickCMS to create an article with attacker-defined content without the admin's consent.
How can this vulnerability impact me?
This vulnerability can allow an attacker to inject malicious or unauthorized content into the CMS by tricking an admin into visiting a crafted website. This can lead to misinformation, defacement, or potentially further exploitation if the malicious content includes harmful scripts or links.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid visiting untrusted websites while logged in as an admin to QuickCMS version 6.8. Implement CSRF protection mechanisms such as CSRF tokens in the article creation functionality. If possible, update or patch QuickCMS once a fix is available from the vendor. Restrict admin access and monitor for suspicious POST requests creating articles.
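The synchronizer-token check described in the mitigation above, as an added example that is not QuickCMS code and not part of this advisory: a per-session secret is embedded in the article form, a submitted request is rejected unless the value matches the session's copy in constant time, and the `Origin`/`Referer` header is required to name the site's own origin. All names here (`Session`, `SITE_ORIGIN`, `handle_add_article`, the constructed request dictionaries) are assumptions for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed origin for the CMS deployment (assumption; not a real host).
SITE_ORIGIN = "https://cms.example.test"


@dataclass
class Session:
    """Server-side session; the CSRF token is minted once per session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def render_article_form(session: Session) -> str:
    """Embed the session's token as a hidden field so only pages served by the
    CMS itself can produce a valid submission (a third-party page cannot read it)."""
    return (
        '<form method="post" action="/admin/articles">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="title"><button>Save</button></form>'
    )


def csrf_check(session: Session, headers: dict, form: dict) -> tuple[bool, str]:
    """Return (ok, reason). Both the origin check and the token check must pass."""
    # 1. Origin / Referer must be our own site. Browsers set Origin on
    #    cross-site POSTs, so a request launched from another page fails here.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return False, "missing Origin/Referer header"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False, f"cross-origin request from {parts.netloc}"

    # 2. Submitted token must equal the session token; compare_digest avoids
    #    leaking how many leading characters matched via timing.
    submitted = form.get("csrf_token")
    if not isinstance(submitted, str) or not submitted:
        return False, "missing csrf_token"
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False, "csrf_token mismatch"
    return True, "ok"


def handle_add_article(session: Session, headers: dict, form: dict) -> dict:
    """Article-creation handler: refuse to act unless the CSRF check passes."""
    ok, reason = csrf_check(session, headers, form)
    if not ok:
        # A 403 here is also the line worth alerting on: an admin session
        # issuing article POSTs without a token is the signature of this attack.
        return {"status": 403, "reason": reason}
    return {
        "status": 200,
        "article": {"title": form.get("title", ""), "author": session.user},
    }


if __name__ == "__main__":
    admin = Session(user="admin")

    # Constructed request as an attacker-controlled page would produce it: the
    # admin's cookie rides along, but the page cannot know the session token.
    forged = handle_add_article(
        admin,
        {"Origin": "https://attacker.example.test"},
        {"title": "Injected article"},
    )
    print("forged request ->", forged)          # status 403

    # Constructed legitimate submission from the CMS's own form.
    legit = handle_add_article(
        admin,
        {"Origin": SITE_ORIGIN},
        {"title": "Real article", "csrf_token": admin.csrf_token},
    )
    print("legitimate request ->", legit)       # status 200
```

The token alone closes the hole; the origin check is a second, independent layer that also catches a token accidentally leaked into a URL or log. Setting the session cookie with `SameSite=Lax` or `Strict` adds a third layer at the browser, but since that depends on client behaviour it should complement, not replace, the server-side token.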