What is CVE-2025-23664?

A high-severity Cross-Site Request Forgery (CSRF) vulnerability in the Real Seguro Viagem plugin can lead to Stored XSS. Organizations should prioritize patching immediately to mitigate risks.

What is the severity of CVE-2025-23664?

CVE-2025-23664 has a severity rating of HIGH with a CVSS base score of 7.1.

CVE-2025-23664 | High Vulnerability in Real Seguro Viagem Plugin

CVE-2025-23664 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability found in the Real Seguro Viagem plugin, which allows for Stored XSS. This issue affects versions of Real Seguro Viagem up to 2.0.5. As the CVSS score is 7.1, organizations must recognize the potential risks associated with this vulnerability.

The exploitation of this vulnerability may lead to unauthorized actions being performed on behalf of the user, potentially compromising sensitive data and user accounts. The vulnerability is classified as allowing low attack complexity and requires user interaction, which means that attackers may leverage social engineering tactics to initiate the attack.

Given the nature of the vulnerability and its implications, organizations should prioritize patching immediately. Failure to address this vulnerability could result in significant data breaches and reputational damage.

The vulnerability was published on January 16, 2025, and is currently in a deferred status with no known public exploits or proofs of concept available at this time.

Vulnerability Details

The vulnerability allows for Cross-Site Request Forgery (CSRF), which can lead to Stored XSS in the Real Seguro Viagem plugin. The vulnerability is rated with a CVSS score of 7.1, indicating a high severity level due to its potential impact on confidentiality, integrity, and availability.

The affected version is Real Seguro Viagem plugin version 2.0.5 and earlier. The vulnerability has a CWE classification of CWE-352. Organizations using this plugin should assess their exposure and take necessary action.

Technical Analysis

The root cause of this vulnerability stems from inadequate protections against CSRF attacks, which allow attackers to perform actions without user consent. The attack vector is network-based, requiring user interaction to exploit. The attack complexity is categorized as low, meaning that attackers can easily initiate an attack without significant effort.

No privileges are required to exploit this vulnerability, making it accessible to unauthenticated attackers. The impacts on confidentiality, integrity, and availability are rated as low, but the potential for data loss or unauthorized actions remains.

Risk & Impact Analysis

Risk to organizations includes unauthorized actions performed on behalf of legitimate users, leading to data breaches and loss of user trust. The blast radius can be significant, especially in environments where the Real Seguro Viagem plugin is widely used. The urgency for remediation is high due to the vulnerability's potential for exploitation.

Organizations should address in priority patch cycle to mitigate risks associated with this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Real Seguro Viagem prior to 2.0.5 are affected by this vulnerability. Organizations should ensure they are using the latest version to mitigate risk.

Mitigation & Remediation

Organizations should immediately patch to the latest version of the Real Seguro Viagem plugin to remediate this vulnerability. If patches are not available, consider implementing workarounds such as using CSRF tokens and restricting user interactions that may trigger the vulnerability. Additionally, enhancing configuration hardening and network controls can help mitigate the risk.

For further assistance, organizations can consider engaging in penetration testing services to ensure comprehensive security assessment.

Detection Guidance

Monitoring logs for anomalies such as unexpected requests or actions taken without authorization is crucial. Additionally, organizations should establish network signatures to detect potential exploit attempts and configure alerts for unusual user interactions.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-23664 lies in the increasing prevalence of CSRF vulnerabilities in web applications. Security teams must remain vigilant and adopt strategies to protect against these risks. This situation highlights the importance of thorough application security assessments, and organizations should consider implementing a robust vulnerability management program to identify similar weaknesses proactively.

Furthermore, organizations should leverage insights from penetration testing to uncover and remediate potential vulnerabilities. For more details on effective testing methodologies, refer to our penetration testing methodology guide.

In conclusion, thorough security evaluations and timely updates are essential to protecting against vulnerabilities like CVE-2025-23664. Organizations should also consider the strategic implementation of continuous security testing to maintain resilient defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-23664: High Vulnerability in Real Seguro Viagem Plugin