VYPR
Medium severity5.1NVD Advisory· Published Feb 21, 2025· Updated Jun 17, 2026

CVE-2025-25772

CVE-2025-25772

Description

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.

Affected products

2
  • Jspxcms/Jspxcmscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 9.0 to 9.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.