CVE-2025-34133
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-10-30
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wimi | wimi_teamwork | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34133 is a cross-site request forgery (CSRF) vulnerability in Wimi Teamwork versions prior to 7.38.17. The API accepts any authenticated request containing a JSON field named 'csrf_token' without validating its value; it only checks for the presence of the field. An attacker can craft a cross-site request that causes a logged-in victim's browser to submit a JSON POST with an arbitrary or empty 'csrf_token'. The API then executes the request with the victim's privileges, allowing the attacker to perform privileged actions as the victim. [2]
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker to perform privileged actions on behalf of the victim, potentially resulting in account takeover, privilege escalation, or service disruption within the Wimi Teamwork environment. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on identifying API requests that carry a JSON field named 'csrf_token' whose value is never validated. Monitoring HTTP POST requests to the Wimi Teamwork API endpoints for the presence of 'csrf_token' fields, especially those with arbitrary or empty values, may indicate exploitation attempts. Network traffic inspection tools like Wireshark or command-line tools such as curl or tcpdump can be used to capture and analyze such requests. For example, using curl to simulate or detect suspicious requests: `curl -X POST -H "Content-Type: application/json" -d '{"csrf_token":""}' https://<wimi-api-endpoint>`. Additionally, reviewing server logs for POST requests containing 'csrf_token' fields that did not produce a validation error may help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Wimi Teamwork to version 7.38.17 or later, where this CSRF vulnerability has been addressed. Until the update can be applied, consider implementing additional security controls such as enforcing stricter validation of the 'csrf_token' field on the server side, restricting API access to trusted origins, and educating users to avoid interacting with untrusted sites while authenticated. Employing network-level protections like Web Application Firewalls (WAF) to detect and block suspicious cross-site requests may also help reduce risk. [2, 1]
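The following is an added example written for this page, not code from Wimi or from the advisory, illustrating both answers above: the presence-only check the vulnerability description attributes to versions before 7.38.17 beside a hardened server-side check (token bound to the session, constant-time comparison, origin allow-list), and a small log review that flags POSTs whose 'csrf_token' is absent or empty or that arrive from an untrusted origin. The log format, endpoint paths, origin names and token values are constructed for the example.

```python
import hmac
import json
import secrets
from urllib.parse import urlsplit

# Origins allowed to make state-changing requests. Assumption: replace with the
# origin(s) your own Wimi deployment is served from (constructed value here).
TRUSTED_ORIGINS = {"https://wimi.example.test"}


def weak_csrf_check(body: dict) -> bool:
    """Presence-only check, the behaviour the advisory describes for versions
    before 7.38.17: any value, including "", is accepted."""
    return "csrf_token" in body


def issue_csrf_token(session: dict) -> str:
    """Generate a fresh random token and bind it to the server-side session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(origin: str) -> bool:
    """Compare scheme+host exactly; a prefix match would let
    https://wimi.example.test.evil.example through."""
    u = urlsplit(origin)
    return f"{u.scheme}://{u.netloc}" in TRUSTED_ORIGINS


def strict_csrf_check(session: dict, body: dict, headers: dict) -> bool:
    """Hardened check: request must come from a trusted origin and carry the
    token issued to this session, compared in constant time."""
    if not origin_allowed(headers.get("Origin") or headers.get("Referer") or ""):
        return False
    expected = session.get("csrf_token")
    supplied = body.get("csrf_token")
    if not expected or not isinstance(supplied, str) or not supplied:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample access log (format assumed: timestamp, method, path,
# origin=..., then the JSON body after "body="). Not real Wimi log output.
SAMPLE_LOG = """\
2025-10-28T10:00:01Z POST /api/v3/files/share origin=https://wimi.example.test body={"csrf_token":"k3QxT9","file_id":42}
2025-10-28T10:00:02Z POST /api/v3/users/role origin=https://untrusted.example body={"csrf_token":"","user_id":7,"role":"admin"}
2025-10-28T10:00:03Z POST /api/v3/files/share origin=https://untrusted.example body={"csrf_token":"anything","file_id":42}
2025-10-28T10:00:04Z GET /api/v3/files/42 origin=https://wimi.example.test body=
2025-10-28T10:00:05Z POST /api/v3/files/share origin=https://wimi.example.test body={"file_id":42}
"""


def flag_suspicious_posts(log_text: str) -> list:
    """Return (timestamp, path, reason) tuples for POSTs whose csrf_token is
    missing or empty, or whose origin is outside TRUSTED_ORIGINS."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        head, _, raw_body = line.partition(" body=")
        ts, method, path, origin_kv = head.split(" ", 3)
        if method != "POST":
            continue  # CSRF concerns state-changing requests only
        origin = origin_kv.partition("=")[2]
        try:
            body = json.loads(raw_body) if raw_body else {}
        except json.JSONDecodeError:
            body = {}
        if "csrf_token" not in body:
            findings.append((ts, path, "csrf_token missing"))
        elif not body["csrf_token"]:
            findings.append((ts, path, "csrf_token empty"))
        if not origin_allowed(origin):
            findings.append((ts, path, "untrusted origin"))
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious_posts(SAMPLE_LOG):
        print(*finding)
```

The weak check accepts `{"csrf_token": ""}`, which is exactly the class of request the advisory describes; the strict check rejects it, rejects a valid token sent from an untrusted origin, and rejects a token that does not match the one bound to the session. The log scanner is a starting point for the server-log review suggested above; adapt the line parsing to the real log format of your deployment.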