CVE-2023-32625 in TS Webfonts for SAKURA Plugininfo

Summary

by MITRE • 07/21/2023

Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 03/18/2026

This cross-site request forgery vulnerability exists in TS Webfonts for SAKURA version 3.1.2 and earlier, representing a critical security flaw that enables remote attackers to manipulate user sessions without authentication. The vulnerability stems from insufficient validation of request origins and lack of proper anti-CSRF token implementation within the web application's authentication mechanisms. Attackers can craft malicious web pages or links that, when viewed by an authenticated user, automatically submit requests to the vulnerable application, effectively hijacking the user's session and executing unauthorized actions. The flaw specifically affects the webfont management functionality where users can modify settings and configurations, making it particularly dangerous for administrative operations.

The technical implementation of this vulnerability allows attackers to exploit the absence of anti-CSRF protection measures such as unique tokens, referer validation, or origin checks that should normally verify legitimate user requests. When a user visits a malicious page containing embedded requests to the vulnerable TS Webfonts application, the browser automatically submits these requests along with the user's existing authentication cookies, bypassing normal security controls. This behavior violates the fundamental principle of web application security where user actions should be explicitly validated and authenticated before processing. The vulnerability operates at the application layer and can be classified under CWE-352, which specifically addresses Cross-Site Request Forgery weaknesses in software design and implementation.

The operational impact of this vulnerability extends beyond simple data manipulation to potentially compromise entire user sessions and system configurations. An attacker could change critical webfont settings, potentially affecting website appearance and functionality, or even gain access to sensitive administrative controls if the application lacks proper access controls. The unauthenticated nature of the attack means that no prior credentials are required to exploit the vulnerability, making it particularly dangerous as it can be leveraged against any authenticated user who visits the malicious content. This type of vulnerability aligns with ATT&CK technique T1531 which focuses on modifying existing programs to gain access to systems and data, and T1078 which covers valid accounts for maintaining access.

Organizations using TS Webfonts for SAKURA versions 3.1.2 or earlier should immediately implement mitigations including the deployment of anti-CSRF tokens for all state-changing requests, implementation of proper referer header validation, and enforcement of origin checks for API endpoints. The recommended approach involves adding unique, cryptographically secure tokens to all forms and requests that modify application state, ensuring these tokens are validated server-side before processing any user-initiated changes. Additionally, implementing Content Security Policy headers and strict origin validation can provide additional defense-in-depth measures. The most effective long-term solution requires upgrading to a patched version of the software that properly implements CSRF protection mechanisms, as recommended by the vendor's security advisories and industry best practices for web application security.

Reservation

05/11/2023

Disclosure

07/21/2023

Moderation

accepted

CPE

ready

EPSS

0.00251

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!