CVE-2025-1891

4.3 MEDIUM

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in shishuocms 1.1 that lets an attacker make an authenticated user's browser perform actions the user did not intend. The affected function and file have not been identified publicly. The attack is launched remotely (the victim only has to open an attacker-controlled page), but it only succeeds while the victim holds a valid shishuocms session. Users of shishuocms 1.1 are affected.

💻 Affected Systems

Products:
  • shishuocms
Versions: 1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable endpoint(s) have not been publicly identified; treat every state-changing admin request as potentially affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could add unauthorized administrator accounts, modify system settings, or perform other privileged actions without the victim's knowledge.

🟠

Likely Case

Attackers create backdoor administrator accounts to gain persistent access to the CMS administration panel.

🟢

If Mitigated

With proper CSRF protections, the forged request fails because it carries no valid anti-CSRF token and, with SameSite cookies, the browser does not even attach the victim's session cookie.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires victim to be authenticated and visit a malicious page while logged into shishuocms.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch is known at the time of writing. Upgrade to a newer version if one becomes available; otherwise add CSRF protections manually as described below.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add a per-session anti-CSRF token to every state-changing form and endpoint, and reject requests whose token is missing or does not match. Checking the Origin (or, failing that, Referer) header against the site's own origin is a cheap second line of defence, since a page on another site cannot forge either header.

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax on the session cookie so the browser does not attach it to cross-site requests. Lax still sends the cookie on top-level GET navigations, so it stops POST-based CSRF but not state changes triggered by GET; Strict closes that gap at the cost of dropping the session on links into the admin panel from other sites.

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
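The token and origin checks described above, as an added illustration written for this page (it is not shishuocms code and does not reflect how that CMS handles sessions). The site origin, the in-memory token store, the `_csrf` field name and the request dicts are all assumptions made for the demonstration:

```python
"""Anti-CSRF token and Origin check for state-changing requests (added example).

Simulates the two server-side defences from the workarounds:
  1. a per-session anti-CSRF token that every state-changing request must
     echo back, compared in constant time;
  2. an Origin/Referer check that rejects requests launched from a foreign
     site even when the browser attached the victim's session cookie.
Requests are constructed dicts, not real HTTP traffic.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example.test"   # assumed deployment origin

# session id -> anti-CSRF token (assumed in-memory store for the demo)
_TOKENS = {}


def issue_token(session_id):
    """Create (or reuse) the token the server embeds in its own forms."""
    if session_id not in _TOKENS:
        _TOKENS[session_id] = secrets.token_urlsafe(32)
    return _TOKENS[session_id]


def _same_origin(header_value):
    """True only if an Origin/Referer value points at SITE_ORIGIN."""
    if not header_value:
        return False
    parts = urlsplit(header_value)
    return "%s://%s" % (parts.scheme, parts.netloc) == SITE_ORIGIN


def check_request(req):
    """Return (allowed, reason) for a request.

    req carries: method, cookies (dict), headers (dict), form (dict).
    """
    if req["method"] not in ("POST", "PUT", "DELETE", "PATCH"):
        return True, "read-only method"      # GET etc. must never change state
    session_id = req["cookies"].get("session") or ""
    expected = _TOKENS.get(session_id)
    if expected is None:
        return False, "no session"
    # 1. Origin first, Referer as fallback; a foreign page cannot spoof either.
    origin = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not _same_origin(origin):
        return False, "cross-site origin"
    # 2. Token must match; constant-time compare avoids a timing side channel.
    supplied = req["form"].get("_csrf", "")
    if not hmac.compare_digest(supplied, expected):
        return False, "bad or missing token"
    return True, "ok"


def demo():
    """Legitimate submission vs. forged requests from an attacker page."""
    sid = "victim-session"
    token = issue_token(sid)
    base = {"method": "POST", "cookies": {"session": sid}}
    legit = dict(base, headers={"Origin": SITE_ORIGIN},
                 form={"username": "admin2", "_csrf": token})
    # The attacker's page can make the browser attach the cookie, but it
    # cannot read the token, and the browser reports the attacker's origin.
    forged = dict(base, headers={"Origin": "https://attacker.example"},
                  form={"username": "backdoor"})
    # Same-origin request that dropped the token (e.g. a form without it).
    no_token = dict(base, headers={"Origin": SITE_ORIGIN},
                    form={"username": "backdoor"})
    return {"legit": check_request(legit),
            "forged": check_request(forged),
            "no_token": check_request(no_token)}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print("%-9s allowed=%s (%s)" % (name, ok, why))
```

Both checks are independent: the origin check alone stops the classic forged POST, and the token alone stops it too, so a deployment that can only retrofit one of them still gains real protection.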

🧯 If You Can't Patch

  • Put a reverse proxy or WAF in front of the admin and API paths that rejects POST requests whose Origin/Referer header is missing or names a host other than the CMS
  • Require re-authentication (password or second factor) for sensitive administrative actions such as creating users or changing site settings

🔍 How to Verify

Check if Vulnerable:

Open the admin forms (for example the user-creation form), inspect the HTML source or the POST request in browser developer tools, and look for a hidden per-session token field; if a replayed POST without that field still succeeds, the endpoint is vulnerable
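A script to perform that form inspection offline, added here as an example (not part of the advisory or of shishuocms). The list of token field names, and the sample HTML it is fed, are assumptions; point it at saved copies of the real admin pages to audit an installation:

```python
"""Audit HTML forms for anti-CSRF token fields (added example).

Reports every <form> that submits with POST and lacks a hidden input whose
name matches a known anti-CSRF field name. Field-name patterns and the
sample page below are assumptions for the demonstration.
"""
from html.parser import HTMLParser

# hidden-field names commonly used for anti-CSRF tokens (assumed list)
TOKEN_NAMES = ("_csrf", "csrf_token", "csrfmiddlewaretoken",
               "_token", "authenticity_token")


class FormAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms = []        # dicts: action, method, has_token
        self._current = None   # form being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "has_token": False}
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            kind = (a.get("type") or "").lower()
            if kind == "hidden" and name in TOKEN_NAMES:
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def unprotected_forms(html):
    """Return the POST forms in html that carry no recognised token field."""
    auditor = FormAuditor()
    auditor.feed(html)
    auditor.close()
    return [f for f in auditor.forms
            if f["method"] == "post" and not f["has_token"]]


# Constructed sample page: one unprotected admin form, one protected form,
# and a GET search form that is not state-changing.
SAMPLE_HTML = """
<html><body>
<form action="/admin/user/save" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Add user">
</form>
<form action="/admin/site/save" method="POST">
  <input type="hidden" name="_csrf" value="a1b2c3">
  <input type="text" name="title">
</form>
<form action="/search" method="get">
  <input type="text" name="q">
</form>
</body></html>
"""

if __name__ == "__main__":
    for f in unprotected_forms(SAMPLE_HTML):
        print("unprotected POST form: " + f["action"])
```

A form that passes this check is not automatically safe: the server must also validate the token, which is what the replayed-POST test above confirms.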

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Verify that every state-changing form includes a per-session token that the server actually rejects when missing or altered, and that the session cookie is issued with the SameSite attribute set

📡 Detection & Monitoring

Log Indicators:

  • Multiple administrator account creations from same IP
  • Unexpected configuration changes

Network Indicators:

  • POST requests to admin endpoints whose Referer/Origin header is absent or names a host other than the CMS (a missing Referer alone is a weak signal, since privacy settings strip it)

SIEM Query:

source="web_logs" AND http_method="POST" AND (uri_path="/admin/*" OR uri_path="/api/*") AND NOT referer="https://<cms-host>/*"

Replace <cms-host> with the CMS hostname and match on whichever Referer or Origin field your log source records; form tokens travel in the POST body and are not written to access logs, so they cannot be queried here.
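The same detection logic run over access-log lines rather than a SIEM, added as an example for this page (not part of the advisory or of shishuocms). The CMS hostname, the admin path prefixes and the combined-format log lines are constructed for the demonstration:

```python
"""Flag admin POSTs with a foreign or missing Referer in access logs (added example).

Parses combined-format access log lines (which record the Referer) and
reports POST requests to admin paths whose Referer names another host or is
absent. The hostname, path prefixes and log lines are constructed.
"""
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "cms.example.test"        # assumed CMS hostname
ADMIN_PREFIXES = ("/admin/", "/api/")     # the paths the SIEM query names

# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')


def audit(lines):
    """Return (ip, path, verdict) for each suspicious admin POST."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].startswith(ADMIN_PREFIXES):
            continue
        ref = m["referer"]
        if ref in ("", "-"):
            verdict = "missing_referer"    # weak signal: privacy tools strip it
        elif urlsplit(ref).hostname != EXPECTED_HOST:
            verdict = "foreign_referer"    # strong signal: launched from elsewhere
        else:
            continue                       # same-site POST, expected traffic
        findings.append((m["ip"], m["path"], verdict))
    return findings


# Constructed sample: a normal admin session, then a victim whose browser was
# steered by an attacker page into two admin POSTs.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:01:02 +0000] "GET /admin/user/list HTTP/1.1" '
    '200 5120 "https://cms.example.test/admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:10:01:09 +0000] "POST /admin/user/save HTTP/1.1" '
    '302 0 "https://cms.example.test/admin/user/add" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2025:10:05:41 +0000] "POST /admin/user/save HTTP/1.1" '
    '302 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2025:10:05:42 +0000] "POST /api/site/config HTTP/1.1" '
    '200 17 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2025:10:07:00 +0000] "POST /login HTTP/1.1" '
    '302 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, verdict in audit(SAMPLE_LOG):
        print("%s %s %s" % (ip, path, verdict))
```

The IP in a CSRF attack is the victim's, not the attacker's, which is why the finding is keyed by the victim address and path: the follow-up is to check what that admin session changed, as the log indicators above suggest.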

🔗 References
