Return to CVE list

CVE-2025-25907

8.8
Critical

CVE-2025-25907

cve@mitre.org
Awaiting Analysis
View on MITREFind on GitHub

Description

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cve@mitre.org
https://github.com/xujeff/tianti/issues/39