CVE-2025-28355

{"id": "CVE-2025-28355", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.6}]}, "published": "2025-04-18T19:15:45.640", "references": [{"url": "https://github.com/Volmarg/personal-management-system", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/Volmarg/personal-management-system/issues/149", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/abbisQQ/CVE-2025-28355/tree/main", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none"}, {"lang": "es", "value": "Volmarg Personal Management System 1.4.65 es vulnerable a Cross-Site Request Forgery (CSRF), lo que permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del atributo de cookie SameSite cuyo valor predeterminado es ninguno."}], "lastModified": "2025-06-20T16:19:02.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:personal-management-system:personal_management_system:1.4.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2CBFD17-3808-4974-AE40-46CFA01769B1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}