CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-25772

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.1%

CVSS Severity

CVSS v3 Score 5.1

References

https://www.yuque.com/u123456789-6sobi/cdgcbq/pkwoqmkamcm9854r?singleDoc#%E3%80%8AjspXcms_csrf%E3%80%8B

Products affected by CVE-2025-25772

Ujcms » Jspxcms » Version: 9.0.0

cpe:2.3:a:ujcms:jspxcms:9.0.0
Ujcms » Jspxcms » Version: 9.5.0

cpe:2.3:a:ujcms:jspxcms:9.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-25772

Products

Pricing

Contact Us