CVE-2025-54598
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-09
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bevy | bevy | up to and including 2025-06-24 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54598 is a Cross-Site Request Forgery (CSRF) vulnerability in the Bevy Event service used for eBay Seller Events. The /notifications/delete/ URI performs a state-changing action (deleting all user notifications) in response to a plain GET request, with no anti-CSRF token. An attacker who lures an authenticated administrator to a malicious webpage can have that page trigger the request automatically (for example as an image or script load); the browser attaches the administrator's session cookie, so the service carries out the deletion without the administrator's consent or awareness. [1]
How can this vulnerability impact me? :
The direct impact is loss of integrity of notification data: all of a user's notifications can be deleted without authorization, which disrupts communication and visibility within the platform and can cause users to miss time-sensitive or security-relevant notices. Because any authenticated user who visits an attacker-controlled page can be targeted, the attack scales to many users at once and can be repeated, producing a denial-of-service effect on the notification feature. Combined with other weaknesses, the same CSRF pattern could be used to abuse an administrator's privileges, affecting system integrity and user trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation looks like a normal authenticated GET request to /notifications/delete/, because the victim's own browser sends it with a valid session cookie. What distinguishes a forged request is its provenance: a Referer or Origin header pointing at a foreign site, a Sec-Fetch-Site: cross-site header (if your server logs request headers), or a request to the delete URI that is not preceded by a visit to the notifications page from the same session. Start by pulling every hit on the endpoint from the web server access log, for example grep "/notifications/delete/" /var/log/access.log, then inspect the Referer field of each hit (present in the common "combined" log format) and treat any referer outside the service's own hostname, or an empty referer on a GET, as a candidate exploitation attempt. Inspecting web traffic at a proxy or WAF for the same cross-site pattern gives the same signal in real time. [1]
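As an added example (not code from BaseFortify or from Bevy), the following script applies the detection logic above to access-log lines in the Apache/Nginx "combined" format. The log lines, the trusted hostname events.example.com and the attacker hostname are all constructed for illustration; substitute the service's real hostname and log path.

```python
"""Flag GET requests to /notifications/delete/ whose Referer is cross-site.

Added example, not BaseFortify's or Bevy's code. Assumes the "combined"
log format: host ident user [time] "request" status bytes "referer" "user-agent".
"""
import re
from urllib.parse import urlsplit

# Assumption: the service is served from this host; any other Referer host is cross-site.
TRUSTED_HOSTS = {"events.example.com"}
TARGET_PATH = "/notifications/delete/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one legitimate page view, one CSRF hit from an attacker page,
# one legitimate same-site hit, and one hit with no referer at all.
SAMPLE_LOG = """\
203.0.113.5 - admin [27/Aug/2025:10:01:02 +0000] "GET /notifications/ HTTP/1.1" 200 512 "https://events.example.com/dashboard/" "Mozilla/5.0"
203.0.113.5 - admin [27/Aug/2025:10:01:09 +0000] "GET /notifications/delete/ HTTP/1.1" 302 0 "https://attacker.example.net/lure.html" "Mozilla/5.0"
203.0.113.5 - admin [27/Aug/2025:10:02:30 +0000] "GET /notifications/delete/ HTTP/1.1" 302 0 "https://events.example.com/notifications/" "Mozilla/5.0"
198.51.100.7 - - [27/Aug/2025:10:03:00 +0000] "GET /notifications/delete/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Classify a parsed entry: ignore, same-site, cross-site or suspicious."""
    if entry["path"].split("?")[0] != TARGET_PATH or entry["method"] != "GET":
        return "ignore"  # only the GET-triggered deletion is the vulnerable pattern
    ref = entry["referer"]
    if ref in ("", "-"):
        # No referer: a typed URL, a strict Referrer-Policy, or an <img> on a
        # no-referrer attacker page all look the same here, so treat as suspicious.
        return "suspicious"
    return "same-site" if urlsplit(ref).hostname in TRUSTED_HOSTS else "cross-site"


def find_csrf_candidates(log_text):
    """Return (user, ip, referer, verdict) for each cross-site or suspicious hit."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict in ("cross-site", "suspicious"):
            hits.append((entry["user"], entry["ip"], entry["referer"], verdict))
    return hits


if __name__ == "__main__":
    for hit in find_csrf_candidates(SAMPLE_LOG):
        print(hit)
```

Run it against a real log with `find_csrf_candidates(open("/var/log/access.log").read())`. The "suspicious" bucket will contain benign entries from users who simply typed the URL, so correlate it with the preceding requests from the same session before raising an alert; the "cross-site" bucket is the high-confidence signal.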
What immediate steps should I take to mitigate this vulnerability?
Apply the vendor's fix: the affected range ends at 2025-06-24, so deployments newer than that date are not listed as affected. Until the fix is in place, remove the CSRF condition at the endpoint itself: reject GET requests to /notifications/delete/ (respond 405), accept the deletion only via POST carrying an anti-CSRF token bound to the user's session, verify that the Origin (or, failing that, Referer) header matches the service's own origin, and set SameSite=Lax or Strict on the session cookie so that cross-site image and script loads do not carry it. Note that restricting the URI to trusted users does not help by itself, because in a CSRF attack the request is sent by a trusted user's own browser. Educating users to avoid untrusted webpages while logged in reduces exposure but is not a substitute for the server-side controls. [1]
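To make the server-side fix concrete, here is an added example (not Bevy's code; Bevy's actual framework and handler are not shown on this page) that places the vulnerable pattern beside a hardened handler. Requests are modelled as plain dicts so the example runs offline; the trusted origin https://events.example.com and the session-bound HMAC token scheme are assumptions chosen for illustration.

```python
"""Weak vs. hardened handler for a state-changing endpoint such as /notifications/delete/.

Added example, not Bevy's code. The request is a dict with keys
method, headers, form, session_id and session_user.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://events.example.com"  # assumption: the service's own origin
SERVER_SECRET = secrets.token_bytes(32)          # server-side only, rotated per deployment


class Store:
    """Minimal stand-in for the notification database."""

    def __init__(self):
        self.notifications = {"admin": ["event approved", "new RSVP"]}

    def delete_all(self, user):
        self.notifications[user] = []


def csrf_token_for(session_id):
    """Token bound to the session: a token captured from another session is useless."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def weak_delete(store, req):
    """Vulnerable pattern (CWE-352): any request carrying the session cookie deletes.

    An attacker page containing <img src="https://events.example.com/notifications/delete/">
    makes the victim's browser send a GET with the victim's cookies attached.
    """
    store.delete_all(req["session_user"])
    return 302


def request_origin(headers):
    """Origin of the request: the Origin header, else scheme://host of the Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    if headers.get("Referer"):
        parts = urlsplit(headers["Referer"])
        return f"{parts.scheme}://{parts.netloc}"
    return None


def hardened_delete(store, req):
    """POST only, same-origin only, and a session-bound CSRF token are all required."""
    if req["method"] != "POST":
        return 405  # a bare GET from an <img> or link can never reach the deletion
    if request_origin(req["headers"]) != TRUSTED_ORIGIN:
        return 403  # exact-match comparison, so https://events.example.com.evil.net fails
    token = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(req["session_id"])):
        return 403  # the attacker's page cannot read the token across origins
    store.delete_all(req["session_user"])
    return 302


if __name__ == "__main__":
    forged = {"method": "GET", "session_user": "admin", "session_id": "s1",
              "headers": {"Referer": "https://attacker.example.net/lure.html"}, "form": {}}
    print("weak:", weak_delete(Store(), forged))
    print("hardened:", hardened_delete(Store(), forged))
```

The three checks are layered on purpose: the POST requirement stops the trivial image-tag attack, the origin check stops forged POSTs from attacker pages, and the token stops anything that slips past origin checking (for example when a proxy strips headers). A SameSite=Lax cookie attribute adds a fourth, browser-enforced layer that needs no application change.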