CVE-2025-8992
BaseFortify
Publication date: 2025-08-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mtons | mblog | up to and including 3.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8992 is a security vulnerability in the mtons mblog application (up to version 3.5.0) caused by the lack of Cross-Site Request Forgery (CSRF) protection. This allows attackers to trick authenticated users, especially admins, into performing unauthorized actions without their consent. For example, an attacker can silently submit a form that changes a user's password. The risk increases if combined with Cross-Site Scripting (XSS) vulnerabilities, which can lead to credential theft. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to perform unauthorized actions on behalf of legitimate users, particularly administrators. This can lead to unauthorized password changes, potential account takeover, and manipulation of the application without the user's knowledge. If combined with other vulnerabilities like XSS, attackers could steal credentials and escalate their access, severely compromising the security of the system and its users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the application's endpoints, especially administrative ones such as `/admin/user/pwd`, lack CSRF protection mechanisms such as CSRF tokens. One way to detect it is to monitor HTTP POST requests to these endpoints and verify whether they require and validate a CSRF token. Additionally, you can use tools like curl or Burp Suite to submit a POST request without a CSRF token and observe whether the server accepts it. For example, using curl: `curl -X POST -d "id=2&password=123456" https://yourdomain.com/admin/user/pwd?id=2`; if the password changes without a valid CSRF token, the endpoint is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing CSRF protection mechanisms such as adding CSRF tokens to all state-changing requests, especially in administrative interfaces. Ensure that the server validates these tokens on every POST request. Additionally, review and restrict access to sensitive endpoints, enforce user authentication and authorization checks, and consider applying web application firewalls (WAF) rules to block suspicious cross-site requests. Promptly update the application to a version that includes CSRF protections once available. [1]
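As an added illustration of the detection and mitigation points above (not code from mblog or from this page), the following models the `/admin/user/pwd` handler twice: once as the affected versions behave, honouring any POST that carries a valid session cookie, and once with the synchronizer-token check plus an Origin/Referer check the mitigation calls for. The site origin, session store, `_csrf` field name and request object are constructed stand-ins, not the application's own.

```python
import hmac
import secrets
from collections import namedtuple
from urllib.parse import parse_qs, urlsplit
# Constructed stand-ins: site origin (placeholder host from the page's curl
# example), the endpoint named on the page, and a server-side session store.
SITE_ORIGIN = "https://yourdomain.com"
PASSWORD_ENDPOINT = "/admin/user/pwd"
SESSIONS = {}
# Minimal HTTP request stand-in: headers default to none.
Request = namedtuple("Request", "method path body cookies headers", defaults=[{}])

def issue_csrf_token(session_id):
    """Synchronizer token: random per-session secret, stored server-side and
    embedded in the form, which a cross-site page cannot read."""
    token = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["csrf"] = token
    return token

def _authenticated_post(req):
    # Shared precondition: POST to the password endpoint with a live session.
    return (req.method == "POST"
            and req.path.split("?")[0] == PASSWORD_ENDPOINT
            and req.cookies.get("sid") in SESSIONS)

def change_password_vulnerable(req):
    """Unprotected handler: the session cookie alone is enough, as on affected versions."""
    if not _authenticated_post(req):
        return 403
    SESSIONS[req.cookies["sid"]]["password"] = parse_qs(req.body).get("password", [""])[0]
    return 200

def _csrf_ok(req, session):
    # 1) form token must equal the session token (constant-time compare)
    sent = parse_qs(req.body).get("_csrf", [""])[0]
    if not hmac.compare_digest(sent.encode(), session.get("csrf", "").encode()):
        return False
    # 2) defence in depth: Origin (or Referer) must name our own site
    src = urlsplit(req.headers.get("Origin") or req.headers.get("Referer", ""))
    return f"{src.scheme}://{src.netloc}" == SITE_ORIGIN

def change_password_hardened(req):
    """Same handler with the token and origin checks the mitigation calls for."""
    if not _authenticated_post(req):
        return 403
    session = SESSIONS[req.cookies["sid"]]
    if not _csrf_ok(req, session):
        return 403
    session["password"] = parse_qs(req.body).get("password", [""])[0]
    return 200
```

A request that reaches the hardened handler from another origin, or without the per-session token, is refused before any state changes, which is also the condition a monitoring rule on this endpoint should flag.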