CVE-2025-25769 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting Wangmarket versions 4.10 through 5.0. The flaw is in the component /controller/UserController.java, which processes state-changing requests without verifying that they were intentionally submitted by the authenticated user rather than forged by a third-party page. With a CVSS 3.1 base score of 8.0, organizations running an affected version are at significant risk if they do not address this issue promptly.
The vulnerability was published on February 21, 2025, and due to its high severity, organizations should prioritize remediation. Failure to do so may lead to unauthorized actions being performed on behalf of legitimate users, posing a serious threat to the application's integrity.
Currently, there are no known public exploits or proofs of concept. That offers little comfort: once the vulnerable endpoint and its parameters are known, a CSRF attack needs nothing more than an HTML form or a few lines of script on a page the victim opens while logged in. Organizations should therefore patch promptly rather than wait for exploitation to be reported.
Vulnerability Details
The official CVE description states that Wangmarket v4.10 to v5.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via the component /controller/UserController.java. This vulnerability is classified under CWE-352.
The CVSS 3.1 base score for this vulnerability is 8.0 (High). The attack vector is network, attack complexity is low, privileges required are low, and user interaction is required; the impact on confidentiality, integrity and availability is high. These metrics correspond to the vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (scope unchanged, which is what yields 8.0 rather than 9.0 with the changed-scope variant).
Technical Analysis
The root cause is missing CSRF protection on the state-changing actions handled by UserController: the server relies on the session cookie alone to authorize a request, and the browser attaches that cookie to any request aimed at the site, regardless of which page initiated it. An attacker therefore only needs an authenticated user (an administrator being the highest-value target) to load an attacker-controlled page that submits a request to the vulnerable endpoint. The forged request arrives carrying the victim's session and is executed with the victim's privileges, which is why the confidentiality, integrity and availability impacts are all rated high. The user-interaction requirement in the CVSS vector reflects that the victim must be logged in and must visit the attacker's page; the attacker needs no direct access to the victim's account.
Risk & Impact Analysis
Risk to organizations includes unauthorized actions being performed on behalf of legitimate users, which can lead to data leakage or unauthorized data manipulation. This vulnerability's high CVSS score indicates a significant risk profile that organizations must not overlook.
Given the potential for exploitation and the impact on organizational operations, organizations should address this vulnerability in their priority patch cycle.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The vulnerability affects Wangmarket versions 4.10 to 5.0. Organizations running these versions should prioritize applying the relevant security patches.
Mitigation & Remediation
Organizations should check for a fixed release from the Wangmarket project and upgrade to it; before relying on a release, confirm from its change notes or source that the CSRF fix is actually present, since the affected range extends to 5.0 and a later version number alone is not proof. Where immediate upgrading is not possible, apply the standard CSRF defenses at the application or reverse-proxy layer: require an unpredictable per-session anti-CSRF token on every state-changing request routed through UserController and compare it in constant time; reject state-changing requests whose Origin (or, failing that, Referer) header does not name the application's own host; set the SameSite attribute on the session cookie (Lax at minimum) so that cross-site POSTs do not carry it; and make sure no state change is reachable via GET, because the Origin and SameSite protections are weaker for top-level navigations.
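The following is an added example of the checks described above, written for this page rather than taken from the Wangmarket code base. It is in Python for readability; the same two checks (Origin/Referer host, then a per-session synchronizer token compared in constant time) port directly to a Java controller or servlet filter. The site host, the `_csrf` field name, the in-memory session store and the request dictionaries are all assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed host of the deployment; in a real filter take this from configuration.
SITE_HOST = "shop.example.com"
# Methods that must never change state and therefore carry no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Constructed stand-in for the server-side session store: session id -> session data.
SESSIONS = {}


def issue_csrf_token(session_id):
    """Create (or reuse) the per-session secret that every form must echo back.

    Render this value into a hidden field of each state-changing form.
    """
    session = SESSIONS.setdefault(session_id, {})
    if "csrf" not in session:
        session["csrf"] = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    return session["csrf"]


def _host_of(header_value):
    """Hostname part of an Origin or Referer header, or None if absent."""
    if not header_value:
        return None
    return urlsplit(header_value).hostname


def csrf_check(method, headers, form, session_id):
    """Return None if the request may proceed, otherwise a short rejection reason.

    headers: dict of request headers (looked up case-insensitively here)
    form:    dict of submitted form fields
    """
    if method.upper() in SAFE_METHODS:
        return None  # safe methods do not change state, so no token is required

    h = {k.lower(): v for k, v in headers.items()}

    # Check 1: the request must originate from this site. Browsers send Origin on
    # cross-site POSTs; Referer is the fallback. A request with neither is rejected,
    # because an attacker page can suppress Referer with a referrer policy.
    source = h.get("origin") or h.get("referer")
    if _host_of(source) != SITE_HOST:
        return "origin mismatch"

    # Check 2: the token echoed in the form must equal the per-session secret.
    # compare_digest avoids leaking the match position through timing.
    session = SESSIONS.get(session_id)
    if not session or "csrf" not in session:
        return "no session token"
    submitted = form.get("_csrf", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return "token mismatch"
    return None


def handle_user_update(method, headers, form, session_id):
    """Hardened handler: refuse to touch user state unless csrf_check passes."""
    reason = csrf_check(method, headers, form, session_id)
    if reason is not None:
        return "rejected: " + reason
    # ... apply the user change here ...
    return "applied"
```

Note that a forged request fails check 1 even if the attacker somehow learned a token, and fails check 2 even if the Origin check is bypassed by a proxy that strips headers; the two checks are independent and both should stay in place.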
For further insights into vulnerability management, organizations can refer to our vulnerability management program design guide.
Detection Guidance
A forged request arrives from the victim's own IP address with the victim's valid session, so source-IP reputation and failed-login monitoring will not catch it. What distinguishes it in the logs is its provenance: a state-changing request (POST, PUT, DELETE) to a path served by UserController whose Referer or Origin header is absent or names a host other than the application's own. Make sure the web server or reverse proxy actually records those headers (the Apache/nginx combined log format includes Referer; Origin needs a custom log format), then review state-changing requests to user-management paths for foreign or missing referrers, with particular attention to administrator sessions. Unexpected account changes (new users, role changes, password or e-mail changes) appearing shortly after an administrator browsed external sites are the behavioral signal to investigate.
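The following is an added example of that log review, written for this page and not part of the original advisory. It parses Apache/nginx combined-format access lines and flags state-changing requests under a user-management path whose Referer is missing or points at a foreign host. The site host, the `/user/` path prefix and the log lines themselves are constructed assumptions for the illustration; substitute the real host and the paths UserController serves in your deployment.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "shop.example.com"              # assumed host of the deployment
STATE_CHANGING = {"POST", "PUT", "DELETE"}  # methods that should never be cross-site
WATCHED_PREFIX = "/user/"                   # assumed path prefix for UserController

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log. Lines 3 and 4 model a forged request: same client IP and
# session as the administrator, but the page that submitted it was not ours (line 3)
# or hid its Referer with a referrer policy (line 4).
SAMPLE_LOG = """\
203.0.113.5 - admin [21/Feb/2025:10:01:02 +0000] "GET /user/list HTTP/1.1" 200 5120 "https://shop.example.com/index" "Mozilla/5.0"
203.0.113.5 - admin [21/Feb/2025:10:01:30 +0000] "POST /user/update HTTP/1.1" 302 0 "https://shop.example.com/user/edit?id=7" "Mozilla/5.0"
203.0.113.5 - admin [21/Feb/2025:10:07:44 +0000] "POST /user/update HTTP/1.1" 302 0 "https://attacker.example/promo.html" "Mozilla/5.0"
203.0.113.5 - admin [21/Feb/2025:10:08:01 +0000] "POST /user/update HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - admin [21/Feb/2025:10:09:15 +0000] "GET /user/list HTTP/1.1" 200 5120 "https://attacker.example/promo.html" "Mozilla/5.0"
"""


def parse(line):
    """Split one combined-format line into fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious(rec):
    """Reason string if the record looks like a cross-site state change, else None."""
    if rec["method"] not in STATE_CHANGING or not rec["path"].startswith(WATCHED_PREFIX):
        return None
    ref = rec["referer"]
    if ref in ("", "-"):
        return "state-changing request with no Referer"
    host = urlsplit(ref).hostname
    if host != SITE_HOST:
        return f"Referer host {host!r} is not {SITE_HOST!r}"
    return None


def scan(lines):
    """Return one record per flagged line, keeping the fields an analyst needs to pivot on."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        reason = suspicious(rec)
        if reason:
            hits.append({
                "ts": rec["ts"], "ip": rec["ip"], "user": rec["user"],
                "path": rec["path"], "status": rec["status"], "reason": reason,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

The last sample line is a GET with a foreign Referer and is deliberately not flagged, because the check assumes GET does not change state; if the application performs changes on GET, add GET to the watched methods for the affected paths. Status codes are kept in the output rather than used as a filter: a 302 or 200 means the forged request was accepted and the account change needs to be reviewed and reverted, while a 403 after the patch is deployed confirms the protection is working.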
AppSecure Threat Intelligence Insight
CVE-2025-25769 highlights the importance of robust CSRF protections within applications. As threats evolve, security teams must remain vigilant and proactive in their defenses against such vulnerabilities.
For further reading on CSRF and its prevention, organizations may explore our CSRF attack prevention strategies blog.
Additionally, examining our vulnerability management program design can provide valuable insights for enhancing overall application security.
Finally, for a broader view of how CSRF and similar application weaknesses are exercised in adversarial testing, see our CISO guide on red teaming services.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.