Unrated severity · NVD Advisory · Published Nov 16, 2021 · Updated Apr 30, 2025
Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)
CVE-2021-25965
Description
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
Affected products
- Range: >=0.6.0 <=0.6.13
- calibreweb/calibreweb (v5), Range: 0.6.0
References
- github.com/janeczku/calibre-web/commit/50919d47212066c75f03ee7a5332ecf2d584b98e (mitre, x_refsource_MISC)
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965 (mitre, x_refsource_MISC)