Vulnerability Details CVE-2025-23044
PwnDoc is a penetration test report generator. There is no CSRF protection in PwnDoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests, due to the missing SameSite attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.6%
CVSS Severity
CVSS v3 Score 6.8
Products affected by CVE-2025-23044
- cpe:2.3:a:pwndoc_project:pwndoc:-
- cpe:2.3:a:pwndoc_project:pwndoc:0.1.0
- cpe:2.3:a:pwndoc_project:pwndoc:0.2.0
- cpe:2.3:a:pwndoc_project:pwndoc:0.3.0
- cpe:2.3:a:pwndoc_project:pwndoc:0.4.0
- cpe:2.3:a:pwndoc_project:pwndoc:0.5.0
- cpe:2.3:a:pwndoc_project:pwndoc:0.5.1
- cpe:2.3:a:pwndoc_project:pwndoc:0.5.2
- cpe:2.3:a:pwndoc_project:pwndoc:0.5.3