CVE-2025-1813

4.3 MEDIUM

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in zj1983 zz software up to version 2024-08. Attackers can trick authenticated users into performing unintended actions by crafting malicious web requests. The vulnerability affects all users of the software who have authenticated sessions.

💻 Affected Systems

Products:
  • zj1983 zz
Versions: Up to and including 2024-08
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects an unknown functionality within the software. All installations up to version 2024-08 are vulnerable unless specifically patched.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform administrative actions like changing configurations, creating new privileged accounts, or deleting critical data through authenticated user sessions.

🟠 Likely Case

Attackers modify user settings, change passwords, or perform unauthorized actions within the application using the victim's privileges.

🟢 If Mitigated

With proper CSRF protections, requests would be rejected unless they include valid anti-CSRF tokens, preventing unauthorized actions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

A proof of concept has been publicly disclosed and may be used. The attack requires user interaction (the victim must visit a malicious page while authenticated).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to any version after 2024-08 if available, or implement workarounds.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add anti-CSRF tokens to all state-changing requests and validate them server-side.

SameSite Cookie Attribute

all

Set the SameSite=Strict or SameSite=Lax attribute on session cookies.
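The two workarounds above combined in one place, as an added example that is not code from the zz project or its vendor (the project's implementation language is not stated on this page, so plain Python standard library is used as a neutral illustration). It implements the synchronizer token pattern (a token bound to the session with an HMAC, checked on every POST/PUT/PATCH/DELETE), an Origin/Referer check as defence in depth, and a session Set-Cookie value carrying SameSite, HttpOnly and Secure. The secret, session ids, header names (X-CSRF-Token), form field name (csrf_token) and the site origin https://app.example.internal are all constructed for the example.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed demo secret; a real deployment loads this from a secret store.
SERVER_SECRET = b"constructed-demo-secret-do-not-use"
TOKEN_TTL_SECONDS = 3600
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET,
                     now: Optional[int] = None) -> str:
    """Synchronizer token bound to the session: '<timestamp>.<hmac(session|timestamp)>'.

    The token is embedded in forms / sent in X-CSRF-Token; an attacker's page
    cannot read it because it is only served to the authenticated session.
    """
    ts = str(int(time.time()) if now is None else now)
    mac = hmac.new(secret, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def validate_csrf_token(session_id: str, token: Optional[str], secret: bytes = SERVER_SECRET,
                        now: Optional[int] = None, ttl: int = TOKEN_TTL_SECONDS) -> bool:
    """True only if the token was issued for this session and has not expired."""
    if not token or "." not in token:
        return False
    ts, mac = token.split(".", 1)
    if not ts.isdigit():
        return False
    current = int(time.time()) if now is None else now
    if int(ts) > current or current - int(ts) > ttl:
        return False
    expected = hmac.new(secret, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)  # constant-time comparison


def session_cookie_header(session_id: str, same_site: str = "Lax") -> str:
    """Set-Cookie value for the session cookie with SameSite, HttpOnly and Secure set."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = same_site
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


def check_request(method: str, headers: dict, form: dict, session_id: str,
                  site_origin: str = "https://app.example.internal",
                  now: Optional[int] = None) -> Tuple[bool, str]:
    """Decide whether a request may proceed. Returns (allowed, reason).

    Header names are used as given here; a real framework normalises case.
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    # Defence in depth: browsers attach Origin (or at least Referer) to cross-site POSTs.
    origin = headers.get("Origin") or headers.get("Referer")
    if origin:
        parts = urlsplit(origin)
        if f"{parts.scheme}://{parts.netloc}" != site_origin:
            return False, "cross-origin request"
    token = headers.get("X-CSRF-Token") or form.get("csrf_token")
    if not validate_csrf_token(session_id, token, now=now):
        return False, "missing or invalid csrf token"
    return True, "ok"


if __name__ == "__main__":
    sid = "sess1"
    print(session_cookie_header(sid))
    tok = issue_csrf_token(sid)
    print(check_request("POST", {"Origin": "https://evil.example"}, {"csrf_token": tok}, sid))
    print(check_request("POST", {"Origin": "https://app.example.internal"}, {"csrf_token": tok}, sid))
```

On the SameSite choice: Lax stops the cookie being sent on cross-site POST/PUT/DELETE (the CSRF case here) but still sends it on top-level GET navigations, so any state change reachable by GET stays exposed; Strict also withholds it on navigations from other sites, at the cost of users arriving via external links landing logged out. Neither replaces the token check, because older clients ignore the attribute.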

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Educate users about phishing risks and implement session timeouts

🔍 How to Verify

Check if Vulnerable:

Check if your zj1983 zz version is 2024-08 or earlier. Test forms and state-changing endpoints for missing CSRF tokens.

Check Version:

Check application documentation or configuration files for version information

Verify Fix Applied:

Verify that all POST/PUT/DELETE requests require and validate CSRF tokens. Test with automated CSRF scanning tools.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed state-changing requests from same IP
  • Requests missing expected CSRF tokens
  • Unusual administrative actions from regular users

Network Indicators:

  • HTTP requests with Referer headers pointing to external domains
  • State-changing requests without corresponding GET requests

SIEM Query:

source=web_logs (method=POST OR method=PUT OR method=DELETE) AND NOT csrf_token=*
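The log and network indicators listed above, turned into detection logic that runs over sample records, as an added example that is not part of this advisory or of the zz project. The log lines are constructed (JSON per line with the field names ts, client, method, path, status, referer, csrf_token, user and role, all assumed), the site host zz.example.internal is an assumption, and the rules mirror the indicators: state-changing requests without a CSRF token (the SIEM query above), external Referer on state-changing requests, state-changing requests to admin paths by non-admin users, and repeated rejected state-changing requests from one client.

```python
import json
from collections import Counter, defaultdict
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log (one JSON object per line); field names are assumptions.
SAMPLE_LOG = """
{"ts":"2025-02-28T10:00:01Z","client":"203.0.113.5","method":"POST","path":"/user/changePassword","status":403,"referer":"https://evil.example/lure.html","csrf_token":"","user":"alice","role":"user"}
{"ts":"2025-02-28T10:00:02Z","client":"203.0.113.5","method":"POST","path":"/user/changePassword","status":403,"referer":"https://evil.example/lure.html","csrf_token":"","user":"alice","role":"user"}
{"ts":"2025-02-28T10:00:03Z","client":"203.0.113.5","method":"DELETE","path":"/admin/users/7","status":403,"referer":"https://evil.example/lure.html","csrf_token":"","user":"alice","role":"user"}
{"ts":"2025-02-28T10:00:04Z","client":"198.51.100.9","method":"POST","path":"/user/profile","status":200,"referer":"https://zz.example.internal/user/profile","csrf_token":"a1b2","user":"bob","role":"user"}
{"ts":"2025-02-28T10:00:05Z","client":"198.51.100.9","method":"GET","path":"/admin/users","status":200,"referer":"","csrf_token":"","user":"bob","role":"user"}
"""


def parse_log(text):
    """Parse JSON-per-line records, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def is_external(referer, site_host):
    """True when the Referer names a host other than the application's own."""
    if not referer:
        return False  # absent Referer is covered by the missing-token rule instead
    return urlsplit(referer).hostname != site_host


def analyze(records, site_host, fail_threshold=3):
    """Apply the four indicator rules; return one finding dict per hit."""
    findings = []
    failures = defaultdict(int)
    for r in records:
        if r.get("method", "").upper() not in STATE_CHANGING:
            continue  # GET and other safe methods carry no CSRF signal here
        ctx = {"ts": r.get("ts"), "client": r.get("client"),
               "path": r.get("path"), "user": r.get("user")}
        if not r.get("csrf_token"):
            findings.append({"rule": "missing_csrf_token", **ctx})
        if is_external(r.get("referer", ""), site_host):
            findings.append({"rule": "external_referer", "referer": r.get("referer"), **ctx})
        if r.get("path", "").startswith("/admin/") and r.get("role") != "admin":
            findings.append({"rule": "admin_action_by_regular_user", **ctx})
        if r.get("status") in (401, 403):
            failures[r.get("client")] += 1
    for client, count in failures.items():
        if count >= fail_threshold:
            findings.append({"rule": "repeated_failures", "client": client, "count": count})
    return findings


def summarize(findings):
    """Count findings per rule, handy for a dashboard tile or alert threshold."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for finding in analyze(recs, "zz.example.internal"):
        print(finding)
    print(summarize(analyze(recs, "zz.example.internal")))
```

The repeated-failure rule only fires once a token check is actually enforced (rejected requests return 401/403); before the workaround is in place, the missing-token and external-Referer rules are the ones that surface forged requests, and a burst of them from one client against password or admin endpoints is what to alert on.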
