CVE-2025-61547
BaseFortify
Publication date: 2026-01-08
Last updated on: 2026-02-10
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edu_business_solutions | print_shop_pro_webdesk | 18.34 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) flaw in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application lacks proper CSRF tokens or other protective measures, so a remote attacker can trick authenticated users into unknowingly performing unintended actions within their session, such as unauthorized data modifications, including credential updates.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized data modification by allowing attackers to execute actions on behalf of authenticated users without their knowledge. This can result in changes to sensitive information such as user credentials, potentially compromising account security and leading to further unauthorized access or misuse.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should implement proper CSRF protection measures such as adding CSRF tokens to all forms and state-changing requests in the edu Business Solutions Print Shop Pro WebDesk application. Additionally, educating users to avoid clicking on suspicious links while authenticated and applying any available patches or updates from the vendor are recommended immediate steps.