Medium severity5.1NVD Advisory· Published Feb 21, 2025· Updated Jun 17, 2026
CVE-2025-25772
CVE-2025-25772
Description
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.
Affected products
2Patches
Vulnerability mechanics
References
1- www.yuque.com/u123456789-6sobi/cdgcbq/pkwoqmkamcm9854rnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.