What is CVE-2025-24739?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Shahjahan Jewel FluentSMTP plugin, affecting versions up to 2.2.80. Organizations should address this issue to prevent potential exploitation.

What is the severity of CVE-2025-24739?

CVE-2025-24739 has a severity rating of MEDIUM with a CVSS base score of 4.3.

CVE-2025-24739 | Medium Vulnerability in Shahjahan Jewel FluentSMTP

A Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSMTP allows attackers to execute unauthorized commands on behalf of users. This issue affects FluentSMTP: from n/a through versions 2.2.80. The CVSS score for this vulnerability is 4.3, categorizing it as medium severity, which requires attention from affected organizations.

The risk to organizations includes the potential for unauthorized actions to be taken without the consent of legitimate users, which can lead to data leakage or unauthorized access to sensitive functionalities within the application.

Currently, there is no known exploit available for this vulnerability, but organizations should still prioritize patching as part of their security hygiene.

Organizations should prioritize patching immediately.

Vulnerability Details

The vulnerability allows for Cross-Site Request Forgery (CSRF) attacks, enabling unauthorized commands to be executed on behalf of authenticated users. The CVSS score of 4.3 indicates a medium severity level, suggesting that while the risk is present, it may not be immediately critical, but organizations should take it seriously.

The affected product is the FluentSMTP plugin, specifically versions from n/a through 2.2.80. This vulnerability was published on January 24, 2025.

The associated CWE classification is CWE-352, which pertains to Cross-Site Request Forgery (CSRF).

Technical Analysis

The root cause of this vulnerability lies in the lack of proper validation of user requests within the FluentSMTP plugin. Attackers may leverage this vulnerability by crafting malicious requests that can be sent to the server, tricking it into executing unauthorized actions.

The attack vector is network-based, and the attack complexity is low, meaning that an attacker does not need extensive technical skills to exploit this vulnerability. The privileges required are none, and user interaction is required to trigger the CSRF attack.

In terms of impact, the confidentiality impact is none, while integrity impact is low, and availability impact is none. This indicates that while the attacker may not gain access to sensitive data, they can alter the integrity of user actions.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is moderate. Organizations that use the FluentSMTP plugin should assess their exposure, especially if the application processes sensitive data or allows critical operations.

Given the current CVSS score of 4.3, organizations should address this vulnerability in their priority patch cycle. If left unaddressed, the blast radius could extend to users who interact with the impacted plugin, potentially leading to unauthorized actions being performed in web applications.

Organizations should prioritize patching immediately.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of FluentSMTP are all versions prior to vendor patch, specifically those from n/a through 2.2.80.

Mitigation & Remediation

To mitigate this vulnerability, users should update to the latest version of FluentSMTP that addresses this CSRF vulnerability. Organizations should ensure that their security practices include regular updates and monitoring for vulnerabilities.

Consider implementing additional security measures such as input validation, using anti-CSRF tokens, and employing web application firewalls to provide an extra layer of protection against potential exploitation.

Penetration testing can also be beneficial in identifying similar vulnerabilities.

Detection Guidance

Organizations should monitor logs for unusual activity that may indicate CSRF attacks, such as unexpected changes or actions taken by users without their consent. Behavioral anomalies in user accounts may also be indicative of exploitation attempts.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing risks associated with CSRF attacks in web applications. Security teams should remain vigilant and implement robust security measures to protect against such vulnerabilities.

For organizations utilizing web applications, understanding the importance of CSRF protection is crucial. Regularly conducting security assessments can help identify weaknesses before they are exploited.

CSRF attack prevention strategies should be part of an organization's security posture.

Vulnerability management programs are essential to ensure that organizations are aware of and can respond to vulnerabilities quickly.

Regular penetration testing can provide insights into potential vulnerabilities and guide remediation efforts.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-24739: Medium Vulnerability in Shahjahan Jewel FluentSMTP