VYPR
Unrated severityNVD Advisory· Published Nov 16, 2021· Updated Apr 30, 2025

Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)

CVE-2021-25965

Description

In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.