CVE-2025-25769
Published: 21 February 2025
Description
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.
Security Summary
CVE-2025-25769 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Wangmarket versions 4.10 through 5.0, specifically in the /controller/UserController.java component. Published on 2025-02-21, it has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-352. The flaw allows forged requests to perform unauthorized actions on behalf of authenticated users.
An attacker with low privileges, such as another authenticated user, can exploit this vulnerability over the network with low complexity, but only by tricking a victim user into interacting with a malicious webpage or link (UI:R, user interaction required). Successful exploitation enables high-impact outcomes: unauthorized access to confidential data (C:H), unauthorized modification of data (I:H), and disruption of availability (A:H), potentially leading to full compromise of user sessions or unauthorized administrative actions.
Mitigation details and further advisory information are available in the referenced source at https://flowus.cn/share/56c86622-1e4d-47ed-923c-9e37aff00079.
Details
- CWE(s)