CVE-2025-27910
Published: 10 March 2025
Description
Adversaries may create an account to maintain access to victim systems.
Security Summary
CVE-2025-27910, published on 2025-03-10, is a Cross-Site Request Forgery (CSRF) vulnerability (CWE-352) in tianti version 2.3, specifically affecting the /user/ajax/upd/status component. The issue enables attackers to execute arbitrary operations via a crafted GET or POST request. It carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low complexity, and potential for significant impacts on confidentiality, integrity, and availability.
Exploitation targets authenticated users with low privileges who can be socially engineered into performing an action, such as clicking a malicious link or submitting a forged form, that makes their browser call the vulnerable endpoint. The attacker needs no direct access to the application; the victim's browser attaches the session cookie to the forged request, so the endpoint performs the operation on the victim's behalf, which can compromise the victim's account or other system resources.
Mitigation details are available in the referenced advisory at https://github.com/xujeff/tianti/issues/39.
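The two controls the summary implies (require state-changing requests to be POSTs, and bind each request to a per-session anti-CSRF token that a cross-site page cannot read) are shown below as an added example. This is not tianti's code and it makes no claim about how the project fixed the issue; the endpoint path is taken from the advisory, while the `Session`/`Request` classes, the `TRUSTED_ORIGIN` value and the handler names are assumptions for the demonstration. The vulnerable handler accepts any request that carries a session cookie, which is the behaviour the CWE-352 finding describes; the hardened handler additionally checks the Origin/Referer header and a synchronizer token before acting.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed deployment origin (placeholder, not from the advisory).
TRUSTED_ORIGIN = "https://tianti.example"


@dataclass
class Session:
    """Minimal stand-in for a server-side session (assumption for the example)."""
    user: str
    # One random token per session; rendered into the app's own forms as a hidden field.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (assumption for the example)."""
    method: str
    path: str
    headers: dict
    form: dict
    session: Optional[Session]


def handle_status_update_vulnerable(req: Request):
    """'Before' behaviour: any GET or POST that carries a valid session cookie is honoured."""
    if req.session is None:
        return 401, "login required"
    return 200, f"user {req.form.get('userId')} status set to {req.form.get('status')}"


def csrf_check(req: Request) -> Optional[str]:
    """Return None if the request may proceed, otherwise the reason it is rejected."""
    if req.session is None:
        return "login required"
    # 1. Reject GET: a state change reachable by GET can be triggered by an <img> tag or link.
    if req.method != "POST":
        return "state change must use POST"
    # 2. Check the browser-set Origin (fall back to Referer); a cross-site form post will
    #    carry the attacking site's origin, which the browser does not let the page forge.
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if origin is None:
        return "missing Origin/Referer"
    if not (origin == TRUSTED_ORIGIN or origin.startswith(TRUSTED_ORIGIN + "/")):
        return "cross-site origin"
    # 3. Synchronizer token: the forged form cannot include it because the attacking
    #    page cannot read the victim's session or the token embedded in the app's forms.
    token = req.form.get("_csrf")
    if token is None or not hmac.compare_digest(token, req.session.csrf_token):
        return "csrf token mismatch"
    return None


def handle_status_update_hardened(req: Request):
    """'After' behaviour: the same operation, gated by csrf_check()."""
    reason = csrf_check(req)
    if reason is not None:
        return 403, reason
    return 200, f"user {req.form.get('userId')} status set to {req.form.get('status')}"


def demo():
    """Constructed sample requests: a legitimate submission and a cross-site forgery."""
    sess = Session(user="admin")
    legit = Request("POST", "/user/ajax/upd/status",
                    {"Origin": TRUSTED_ORIGIN},
                    {"userId": "42", "status": "1", "_csrf": sess.csrf_token}, sess)
    # Constructed forged request: the victim's cookie is attached by the browser, but the
    # request comes from another origin and has no token.
    forged = Request("POST", "/user/ajax/upd/status",
                     {"Origin": "https://attacker.example"},
                     {"userId": "42", "status": "1"}, sess)
    return {
        "vulnerable_forged": handle_status_update_vulnerable(forged)[0],
        "hardened_forged": handle_status_update_hardened(forged)[0],
        "hardened_legit": handle_status_update_hardened(legit)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The Origin check and the token check are deliberately independent: the header check alone fails open on clients that strip Referer and send no Origin, and the token check alone depends on every form template being updated, so production frameworks apply both. A constant-time comparison (`hmac.compare_digest`) is used for the token so the check does not leak the token through timing.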
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability in the user management endpoints (/user/ajax/save, /user/ajax/upd/status) lets an attacker drive a logged-in user's browser into unauthorized add, edit, delete, and restore operations on accounts, including the creation of administrator accounts. That maps directly to the account manipulation and account creation techniques.