CVE-2025-25907

8.8 HIGH

📋 TL;DR

CVE-2025-25907 is a Cross-Site Request Forgery vulnerability in tianti v2.3 that allows attackers to trick authenticated users into performing unintended actions via crafted requests to /user/ajax/save. This affects all users of tianti v2.3 who have authenticated sessions. Attackers can execute arbitrary operations with the victim's privileges.

💻 Affected Systems

Products:
  • tianti
Versions: v2.3
Operating Systems: Any OS running tianti
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of tianti v2.3 are vulnerable unless custom CSRF protections have been implemented.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover, data theft, or system compromise if admin users are targeted and the endpoint allows privileged operations.

🟠 Likely Case

Unauthorized user account modifications, profile changes, or data manipulation within the application.

🟢 If Mitigated

Limited impact with proper CSRF protections, though some risk remains if other vulnerabilities exist.

🌐 Internet-Facing: HIGH - Web applications are inherently internet-facing and CSRF attacks can be delivered via malicious websites or emails.
🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the attacker to trick an authenticated user into visiting a malicious page. No authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.4 or later

Vendor Advisory: https://github.com/xujeff/tianti/issues/39

Restart Required: No

Instructions:

1. Upgrade tianti to version 2.4 or later.
2. Verify CSRF tokens are implemented on all state-changing endpoints.
3. Test the /user/ajax/save endpoint with and without valid CSRF tokens.

🔧 Temporary Workarounds

Implement CSRF Protection


Add CSRF tokens to all POST/PUT/DELETE endpoints and validate them server-side.

Implement CSRF middleware that generates and validates unique tokens per session

SameSite Cookie Attribute


Set SameSite=Strict or Lax on session cookies to prevent cross-site requests.

Set-Cookie: session=value; SameSite=Strict; HttpOnly; Secure
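The two workarounds above, combined into one runnable sketch. This is an added example written for this page in Python, not code from tianti: a per-session CSRF token derived with an HMAC over the session id (so no token store is needed), a constant-time check that fails on a missing or empty token, the recommended Set-Cookie attributes, and a stand-in handler for /user/ajax/save that refuses POSTs without a valid token. The server secret and session ids are constructed values.

```python
"""CSRF-token middleware sketch: one token per session, validated server-side."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed secret for this example; load from configuration in a real deployment.
SERVER_SECRET = b"example-server-secret-do-not-reuse"


def issue_csrf_token(session_id: str) -> str:
    """Per-session token = HMAC-SHA256(secret, session_id): unforgeable without
    the secret and useless for any other session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_is_valid(session_id: str, presented: Optional[str]) -> bool:
    """Constant-time comparison; a missing or empty token always fails."""
    if not presented:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), presented)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with the attributes the workaround recommends."""
    return f"session={session_id}; SameSite=Strict; HttpOnly; Secure"


def handle_user_save(request: dict) -> Tuple[int, str]:
    """Stand-in for POST /user/ajax/save behind the middleware.
    request = {"method": ..., "cookies": {...}, "form": {...}}"""
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "not authenticated"
    if request.get("method") == "POST" and not csrf_token_is_valid(
        session_id, request.get("form", {}).get("csrf_token")
    ):
        return 403, "CSRF token missing or invalid"
    return 200, "saved"


if __name__ == "__main__":
    sid = secrets.token_urlsafe(16)
    token = issue_csrf_token(sid)
    print(session_cookie_header(sid))
    # Same-site form submission carries the token -> (200, 'saved').
    print(handle_user_save({"method": "POST", "cookies": {"session": sid}, "form": {"csrf_token": token}}))
    # The browser attaches the cookie to a cross-site POST, but the page that
    # sent it cannot read the token -> (403, 'CSRF token missing or invalid').
    print(handle_user_save({"method": "POST", "cookies": {"session": sid}, "form": {}}))
```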

🧯 If You Can't Patch

  • Implement web application firewall rules to detect and block CSRF patterns
  • Monitor for unusual user account modifications and implement approval workflows for sensitive changes

🔍 How to Verify

Check if Vulnerable:

Test whether the /user/ajax/save endpoint accepts requests without CSRF tokens while the user is authenticated.

Check Version:

Check tianti version in application configuration or via package manager: grep -r 'version' /path/to/tianti/config/

Verify Fix Applied:

Verify that the /user/ajax/save endpoint rejects requests without valid CSRF tokens and that tokens are properly implemented.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CSRF token validations
  • Unusual user account modifications from unexpected IPs
  • POST requests to /user/ajax/save without a Referer header

Network Indicators:

  • Cross-origin requests to /user/ajax/save endpoint
  • Requests with missing or invalid CSRF tokens

SIEM Query:

source="web_logs" AND (uri="/user/ajax/save" AND (csrf_token="" OR csrf_token=null)) AND response_code=200
