CVE-2025-54541
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-09-08
Assigner: CERT.PL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensolution | quick.cms | 6.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in QuickCMS's page deletion functionality. An attacker can create a malicious website that, when visited by an admin user, automatically sends a POST request that deletes an article without the admin's consent.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized deletion of articles by tricking an admin into visiting a malicious website. This can result in loss of important content, disruption of website operations, and potential damage to reputation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid visiting untrusted websites while logged in as an admin to QuickCMS version 6.8. Implement CSRF protection mechanisms such as requiring CSRF tokens for page deletion requests. If possible, restrict or monitor POST requests that delete articles. Consider updating or patching the software once a fix is available.
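The CSRF-token mitigation named above, sketched as an added PHP example; it is not QuickCMS code or a vendor patch. Every function name, the `csrf` form field and the `admin` session key are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; none are taken from QuickCMS.

/** Return the per-session token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session['csrf'];
}

/** True only when the submitted token matches the session's token. */
function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf'] ?? '';
    $given = $post['csrf'] ?? '';
    return is_string($expected) && is_string($given)
        && $expected !== ''
        && hash_equals($expected, $given); // constant-time comparison
}

/** Decide the HTTP status for a delete request; 200 means the delete may proceed. */
function delete_request_status(string $method, array $session, array $post): int
{
    if ($method !== 'POST') {
        return 405; // state changes are never accepted over GET
    }
    if (empty($session['admin'])) {
        return 403; // not logged in as admin
    }
    if (!csrf_check($session, $post)) {
        return 403; // request carries no valid token: treat as forged
    }
    return 200;
}

// Constructed demonstration: one admin session, three delete requests.
$session = ['admin' => true];
$token = csrf_token($session);

$forged = delete_request_status('POST', $session, ['id' => '7']); // cross-site form, no token
$guessed = delete_request_status('POST', $session, ['id' => '7', 'csrf' => str_repeat('0', 64)]);
$genuine = delete_request_status('POST', $session, ['id' => '7', 'csrf' => $token]);

printf("forged=%d guessed=%d genuine=%d\n", $forged, $guessed, $genuine);
```

In a real handler the arguments would be `$_SERVER['REQUEST_METHOD']`, `$_SESSION` and `$_POST`, with `csrf_token($_SESSION)` written into a hidden field of the admin's delete form.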