CVE-2025-9747 in KoillectionИнформация

Сводка

по MITRE • 01.09.2025

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token."

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulDB

Раскрытие

01.09.2025

Модерация

принято

Вход

VDB-322047

CPE

готов

CWE

CWE-352 (Подтверждённый)

Эксплойт

Скачать

CVSS

8.8 (NVD)

EPSS

0.00038

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9747
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9747
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9747/

◂ Предыдущий Обзор Далее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!