CVE-2025-5033

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in TeaCMS 2.0.2 lets an attacker trick an authenticated administrator's browser into submitting unauthorized requests to the user management interface. Exploited remotely, it can create new user accounts with administrative privileges. Only TeaCMS installations running the vulnerable version are affected.

💻 Affected Systems

Products:
  • XiaoBingby TeaCMS
Versions: 2.0.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires an authenticated administrator (the victim) to load attacker-controlled content while logged in; default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers create administrative user accounts, gaining full control over the CMS to modify content, steal data, or deploy further attacks.

🟠 Likely Case: Attackers create backdoor user accounts with elevated privileges to maintain persistent access for future exploitation.

🟢 If Mitigated: With proper CSRF protections, exploitation attempts fail, preventing unauthorized user creation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly disclosed, making weaponization straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK

Restart Required: No

Instructions:

No official patch available. Monitor vendor repository for updates and apply when released.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

Add CSRF protection to the UserManageController.addUser endpoint

Modify src/main/java/me/teacms/controller/admin/UserManageController.java to include CSRF token validation
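The workaround above asks for CSRF token validation on the addUser endpoint. The following is an added Python model of that check, not TeaCMS's own Java code: it shows a handler that only checks the session (the shape of the vulnerable behaviour described in this advisory) next to a hardened handler that additionally requires a session-bound synchronizer token and a same-origin Origin/Referer header. The request and session classes, the `_csrf` form field, the `X-CSRF-Token` header name and the `SITE_ORIGIN` value are assumptions for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumed deployment origin (placeholder, not a real TeaCMS setting).
SITE_ORIGIN = "https://cms.example.test"


@dataclass
class Session:
    """Server-side session; the CSRF token is generated per session, never per page."""
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request reaching the user management controller."""
    method: str
    path: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Optional[Session]


def add_user_unprotected(request: Request, users: Dict[str, str]) -> Tuple[int, str]:
    """Session-only check: a forged cross-site POST from the admin's browser passes."""
    if request.session is None or not request.session.is_admin:
        return 401, "admin login required"
    username = request.form.get("username", "")
    users[username] = request.form.get("role", "user")
    return 201, f"created {username}"


def same_origin(request: Request) -> bool:
    """Origin (or, failing that, Referer) must match our own origin.
    A state-changing request with neither header is treated as untrusted."""
    value = request.headers.get("Origin") or request.headers.get("Referer")
    if not value:
        return False
    got, want = urlsplit(value), urlsplit(SITE_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def csrf_valid(request: Request) -> bool:
    """Synchronizer token: submitted value must equal the session's token.
    compare_digest avoids leaking the token through timing differences."""
    if request.session is None:
        return False
    submitted = request.form.get("_csrf") or request.headers.get("X-CSRF-Token")
    if not submitted:
        return False
    return hmac.compare_digest(submitted, request.session.csrf_token)


def add_user(request: Request, users: Dict[str, str]) -> Tuple[int, str]:
    """Hardened handler: every check runs before any state changes."""
    if request.method != "POST":
        return 405, "method not allowed"
    if request.session is None or not request.session.is_admin:
        return 401, "admin login required"
    if not same_origin(request) or not csrf_valid(request):
        return 403, "csrf check failed"
    username = request.form.get("username", "")
    if not username:
        return 400, "username required"
    users[username] = request.form.get("role", "user")
    return 201, f"created {username}"


if __name__ == "__main__":
    admin = Session(user="admin", is_admin=True)
    # Constructed cross-site request: admin's cookie is present, token and origin are not ours.
    forged = Request("POST", "/admin/user/add", {"Origin": "https://attacker.example.test"},
                     {"username": "backdoor", "role": "admin"}, admin)
    legit = Request("POST", "/admin/user/add", {"Origin": SITE_ORIGIN},
                    {"username": "alice", "role": "user", "_csrf": admin.csrf_token}, admin)
    print("unprotected:", add_user_unprotected(forged, {}))  # 201: account created
    print("hardened, forged:", add_user(forged, {}))         # 403: rejected
    print("hardened, legit:", add_user(legit, {}))           # 201: created
```

The token must be tied to the session and compared server-side; a token that is merely present in the form, or that the client can choose, gives no protection. The Origin/Referer check is a second, independent layer for the case where a template somewhere forgets to emit the token.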

Disable User Management Interface

Applies to: all

Temporarily disable the vulnerable user management functionality

Comment out or remove the addUser endpoint mapping in controller

🧯 If You Can't Patch

  • Implement WAF rules that reject POST requests to the /admin/user/add endpoint whose Origin or Referer header is missing or does not belong to the site
  • Require re-authentication for sensitive administrative actions like user creation

🔍 How to Verify

Check if Vulnerable:

Check whether the TeaCMS version is 2.0.2 and whether the UserManageController.addUser endpoint lacks CSRF protection

Check Version:

Check application.properties or build files for version information

Verify Fix Applied:

Test that the addUser endpoint rejects requests without a CSRF token and that a submitted token is actually validated server-side rather than merely required to be present

📡 Detection & Monitoring

Log Indicators:

  • Multiple user creation requests from the same IP without a corresponding admin login
  • User creation requests missing CSRF tokens

Network Indicators:

  • POST requests to /admin/user/add with a missing or foreign Referer header
  • CSRF attack patterns in web traffic

SIEM Query:

source="web_logs" AND uri="/admin/user/add" AND NOT csrf_token=*
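The indicators and SIEM query above can be run over ordinary access logs. The following added Python script (not part of this advisory or of TeaCMS) implements the three checks: POST requests to /admin/user/add with no csrf_token field, user creations from an IP with no prior admin login, and bursts of user creations from one IP. The key=value log format, the /admin/login path, the status codes treated as a successful login and the sample lines are all constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample log lines in a key=value format (not TeaCMS's own log format).
SAMPLE_LOGS = """
ts=2025-06-01T10:00:01Z ip=198.51.100.7 method=POST uri=/admin/login status=302
ts=2025-06-01T10:00:05Z ip=198.51.100.7 method=POST uri=/admin/user/add status=200 csrf_token=tok_constructed_1
ts=2025-06-01T10:07:12Z ip=203.0.113.5 method=POST uri=/admin/user/add status=200
ts=2025-06-01T10:07:13Z ip=203.0.113.5 method=POST uri=/admin/user/add status=200
ts=2025-06-01T10:07:15Z ip=203.0.113.5 method=POST uri=/admin/user/add status=200
ts=2025-06-01T10:09:00Z ip=192.0.2.9 method=GET uri=/admin/user/list status=200
""".strip()

USER_ADD = "/admin/user/add"
LOGIN = "/admin/login"                 # assumed login path
LOGIN_OK = {"200", "302"}              # assumed "login succeeded" statuses
KV_RE = re.compile(r"(\w+)=(\S+)")

Event = Dict[str, str]


def parse_line(line: str) -> Event:
    """Turn one key=value log line into a dict of fields."""
    return dict(KV_RE.findall(line))


def is_user_add(e: Event) -> bool:
    return e.get("method") == "POST" and e.get("uri") == USER_ADD


def find_missing_token(events: List[Event]) -> List[Event]:
    """Equivalent of: uri="/admin/user/add" AND NOT csrf_token=*"""
    return [e for e in events if is_user_add(e) and "csrf_token" not in e]


def find_add_without_login(events: List[Event]) -> List[Event]:
    """User creation from an IP that never completed a login earlier in the log.
    Events are assumed to be in time order."""
    logged_in = set()
    hits = []
    for e in events:
        if e.get("uri") == LOGIN and e.get("status") in LOGIN_OK:
            logged_in.add(e.get("ip"))
        elif is_user_add(e) and e.get("ip") not in logged_in:
            hits.append(e)
    return hits


def find_burst(events: List[Event], threshold: int = 3) -> Dict[str, int]:
    """IPs issuing at least `threshold` user creation requests."""
    counts: Dict[str, int] = defaultdict(int)
    for e in events:
        if is_user_add(e):
            counts[e.get("ip", "?")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def analyze(log_text: str) -> Dict[str, object]:
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {
        "missing_token": find_missing_token(events),
        "no_login": find_add_without_login(events),
        "burst": find_burst(events),
    }


if __name__ == "__main__":
    for name, result in analyze(SAMPLE_LOGS).items():
        print(name, result)
```

A caveat worth keeping in mind when tuning these rules: a genuine CSRF request is sent by the victim administrator's own browser, so its source IP matches the admin's legitimate session and the "no prior login from this IP" heuristic will not fire; it mainly catches direct replays of the request. The missing-token check, and the missing or foreign Origin/Referer indicator from the network list above, are the stronger signals for this vulnerability.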
