CVE-2025-11954
Deferred
Deferred - Pending Action
CSRF Vulnerability in WISECP Software
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery.
This issue affects WISECP: through 20022026.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sitemio_information_technologies_trade_ltd_co | wise_cp | to 20022026 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue found in WISECP by Sitemio Information Technologies Trade Ltd. Co. CSRF allows an attacker to trick a user into performing actions on a web application in which they are authenticated, without their consent.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized actions being performed on behalf of an authenticated user, potentially resulting in high impact on confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70