CVE-2025-6865 in DaiCuo
Summary
by MITRE • 06/29/2025
A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
by VulDB Data Team • 07/01/2025
This vulnerability exists in the DaiCuo content management system, versions up to and including 1.3.13, in the administrative endpoint /admin.php/addon/index. It is a cross-site request forgery (CSRF) flaw: an attacker can cause a logged-in administrator's browser to submit requests to that endpoint that the administrator never intended. VulDB's "problematic" rating is its lower severity tier, but the endpoint belongs to the administrative addon management functionality, so whatever an attacker triggers through it runs with administrator privileges.
Mechanically, the endpoint accepts state-changing requests on the strength of the browser's session cookie alone, without an unpredictable anti-CSRF token bound to the session and without checking the Origin or Referer header. Because the browser attaches the session cookie to any request addressed to the site, including one triggered by a form or script on an unrelated page, an administrator who is logged in to DaiCuo and visits an attacker-controlled page (or follows a crafted link) silently submits the attacker's chosen parameters to /admin.php/addon/index. The server has no way to tell such a forged request from one the administrator made deliberately.
The impact is whatever the addon endpoint lets an administrator do, performed on the attacker's behalf. CSRF does not by itself give the attacker code execution or a session of their own: it lets them drive one request at a time through the victim's session, and they do not see the response. Whether that can be chained into a deeper compromise depends on what addon management in the affected version allows (installing or enabling extensions is typical for a CMS, but the advisory does not detail it). The attack is remote in the sense that the attacker needs no network path to the administrative interface at all; only the victim's browser does, so an admin panel that is reachable solely from an internal network is still exposed if its administrators browse the web from the same browser session.
The weakness is CWE-352 (Cross-Site Request Forgery). Delivery maps to ATT&CK T1566.002, Phishing: Spearphishing Link, since the attacker has to get an authenticated administrator to load a page or link under attacker control. The public exploit lowers the bar further: an attacker needs no additional reconnaissance or exploit development before using it. Organizations running affected versions should apply the vendor's fix if one is available; the proper remedy lives in the application, namely a per-session anti-CSRF token verified on every state-changing request to the admin interface, backed by Origin/Referer validation. Until then, the compensating controls available to operators are setting SameSite=Lax or Strict on the session cookie (Lax still allows top-level GET navigations, so the endpoint must not change state on GET), restricting the admin interface to trusted networks or a VPN, and having administrators use a separate browser profile for the panel.
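The cookie-only decision that makes the endpoint forgeable and the token-plus-origin check recommended above, side by side, as an added Python example. This is not DaiCuo's code (the advisory does not show the application's internals); the endpoint path is the one from the advisory, while the cookie name PHPSESSID, the form fields name, action and _csrf_token, the origins, the session ids and the server secret are assumptions made up for the demonstration. The sample requests are constructed, not captured traffic.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumptions for this example: a server-side secret and the CMS's own origin.
SERVER_SECRET = b"replace-with-a-random-32-byte-key"
SITE_ORIGIN = "https://cms.example.test"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    """Stand-in for an HTTP request as a web framework would expose it."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Per-session anti-CSRF token: HMAC of the session id under a server secret.
    It is embedded in the site's own admin forms; a foreign page can neither
    compute it nor read it out of the victim's session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_is_authorized(req: Request) -> bool:
    """The CSRF failure mode: the session cookie alone decides. The victim's
    browser attaches that cookie no matter which page sent the request."""
    return req.cookies.get("PHPSESSID") is not None


def hardened_is_authorized(req: Request) -> bool:
    """Session cookie plus a session-bound token plus an Origin/Referer check."""
    sid = req.cookies.get("PHPSESSID")
    if sid is None:
        return False
    if req.method.upper() not in STATE_CHANGING:
        return True  # safe methods must not change state, so they need no token
    # 1. Primary control: token bound to this session, compared in constant time.
    submitted = req.form.get("_csrf_token") or req.headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(submitted.encode(), csrf_token_for(sid).encode()):
        return False
    # 2. Defence in depth: if the browser sent Origin or Referer, it must be ours.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if source:
        parts = urlsplit(source)
        if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
            return False
    return True


# Constructed sample requests. The cookie is the logged-in administrator's in
# every case, because the browser sends it whichever page built the request.
VICTIM_SESSION = "sess-admin-0001"
ATTACKER_SESSION = "sess-attacker-0002"

# The administrator submits the site's own form, which carries the token.
LEGIT = Request(
    "POST", "/admin.php/addon/index",
    cookies={"PHPSESSID": VICTIM_SESSION},
    headers={"Origin": SITE_ORIGIN},
    form={"name": "demo_addon", "action": "enable",
          "_csrf_token": csrf_token_for(VICTIM_SESSION)},
)

# Auto-submitted by a form on attacker.example.test: the fields are the
# attacker's, the cookie is the victim's, and no token is available to include.
FORGED = Request(
    "POST", "/admin.php/addon/index",
    cookies={"PHPSESSID": VICTIM_SESSION},
    headers={"Origin": "https://attacker.example.test"},
    form={"name": "demo_addon", "action": "enable"},
)

# An attacker with a low-privilege account of their own can obtain a token for
# *their* session and paste it in; binding the token to the session id defeats that.
FORGED_WITH_ATTACKER_TOKEN = Request(
    "POST", "/admin.php/addon/index",
    cookies={"PHPSESSID": VICTIM_SESSION},
    headers={"Referer": "https://attacker.example.test/lure.html"},
    form={"name": "demo_addon", "action": "enable",
          "_csrf_token": csrf_token_for(ATTACKER_SESSION)},
)


def outcomes() -> dict:
    """Decision of each check for each sample request."""
    return {
        "vulnerable_accepts_forged": vulnerable_is_authorized(FORGED),
        "hardened_accepts_legit": hardened_is_authorized(LEGIT),
        "hardened_accepts_forged": hardened_is_authorized(FORGED),
        "hardened_accepts_foreign_token": hardened_is_authorized(FORGED_WITH_ATTACKER_TOKEN),
    }


if __name__ == "__main__":
    for name, accepted in outcomes().items():
        print(f"{name}: {accepted}")
```

The token is the control that actually stops the attack; the Origin/Referer comparison is a second layer for the case where a token leaks or a route forgets to check it, and it is written to tolerate a missing header because some proxies strip Referer. A SameSite=Lax session cookie adds a third, browser-enforced layer against cross-site POST, but none of these layers helps if the endpoint also performs the state change on a plain GET, which is why the hardened check lets safe methods through without a token only on the assumption that they are read-only.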
Security teams should review web server logs for POST requests to administrative paths under /admin.php whose Origin or Referer header points to a foreign site, and alert on administrative changes (new or enabled addons, new accounts, configuration edits) that no administrator can account for. The flaw is a reminder that request origin verification, not input validation, is the control that stops CSRF, and that it has to be applied uniformly to every state-changing administrative route rather than to a few forms. Because the endpoint sits in the core administrative functionality, organizations should also check affected installations for unexplained changes and make sure administrative actions are logged with the acting session, source address and Referer, so that a forged request can be told apart from a legitimate one after the fact.