High severity8.3NVD Advisory· Published Jun 11, 2025· Updated Apr 15, 2026

CVE-2025-6001

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.blacklanternsecurity.com/p/doomla-zero-daysnvd

News mentions

No linked articles in our index yet.

cvss	0.540
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000