CVE-2025-50902
📋 TL;DR
This CSRF vulnerability in old-peanut Open-Shop allows attackers to trick authenticated users into submitting malicious POST requests, potentially exposing sensitive information. It affects all users running vulnerable versions of the wechat_applet__open_source software. The vulnerability requires user interaction but can lead to data exposure.
💻 Affected Systems
- old-peanut Open-Shop (wechat_applet__open_source)
📦 What is this software?
Open Shop by Old Peanut
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal sensitive user data, modify account settings, or perform unauthorized actions on behalf of authenticated users, potentially leading to data breaches or account compromise.
Likely Case
Attackers craft phishing emails or malicious websites that trick logged-in administrators into executing unwanted actions, potentially exposing customer data or modifying shop settings.
If Mitigated
With proper CSRF protections and user awareness training, the risk is significantly reduced as users would need to be tricked into visiting malicious sites while authenticated.
🎯 Exploit Status
Exploitation requires the victim to be authenticated and tricked into visiting a malicious page. No public exploit code is currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://gitee.com/old-peanut/wechat_applet__open_source/issues/IC95QM
Restart Required: No
Instructions:
1. Monitor the Gitee repository for updates.
2. Apply any available patches from the vendor.
3. Test the fix in a non-production environment first.
🔧 Temporary Workarounds
Implement CSRF Tokens
[all] Add CSRF protection tokens to all state-changing POST requests
Implement anti-CSRF tokens in your application code
SameSite Cookie Attribute
[all] Set SameSite=Strict or SameSite=Lax attributes on session cookies
Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to detect and block CSRF attempts
- Educate users about phishing risks and require multi-factor authentication for sensitive operations
🔍 How to Verify
Check if Vulnerable:
Check if your application version is 1.0.0 or earlier and lacks CSRF protection on POST endpoints
Check Version:
Check the application's version configuration file or package.json for version information
Verify Fix Applied:
Test that all POST requests require valid CSRF tokens and that SameSite cookie attributes are properly set
📡 Detection & Monitoring
Log Indicators:
- Multiple failed POST requests from same IP with missing CSRF tokens
- Unusual POST requests to sensitive endpoints
Network Indicators:
- POST requests without Referer headers or with external Referers
- Requests with missing CSRF tokens
SIEM Query:
source_ip=* AND http_method=POST AND (csrf_token=null OR referer_domain!=internal_domain)
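The SIEM query and indicators above, worked through as a small log scanner. This is an added example, not code from the vendor or this advisory. It assumes JSON-lines request logs with the field names `source_ip`, `http_method` and `csrf_token` from the query plus the hypothetical fields `path` and `referer`, and `shop.example` as a placeholder for the internal domain.

```python
import json
from urllib.parse import urlsplit

INTERNAL_DOMAIN = "shop.example"  # assumption: placeholder for the shop's own hostname

# Constructed sample events, one JSON object per line. "path" and "referer"
# are assumed field names; the others follow the SIEM query above.
SAMPLE_LOG = """
{"source_ip": "203.0.113.7", "http_method": "POST", "path": "/example/settings", "referer": "https://evil.example/promo.html", "csrf_token": null}
{"source_ip": "198.51.100.20", "http_method": "POST", "path": "/example/settings", "referer": "https://shop.example/admin", "csrf_token": "tok-constructed"}
{"source_ip": "198.51.100.20", "http_method": "GET", "path": "/example/products", "referer": null, "csrf_token": null}
{"source_ip": "203.0.113.9", "http_method": "POST", "path": "/example/users", "referer": "https://shop.example.evil.example/x", "csrf_token": "tok-constructed"}
{"source_ip": "203.0.113.9", "http_method": "POST", "path": "/example/users", "csrf_token": "tok-constructed"}
"""

def referer_domain(referer):
    """Return the lower-cased host of a Referer value, or None if absent/unparseable."""
    try:
        host = urlsplit(referer or "").hostname
    except ValueError:  # e.g. malformed IPv6 literal in the header
        return None
    return host.lower() if host else None

def classify(event):
    """Return the reasons a single event matches; an empty list means no match."""
    if str(event.get("http_method", "")).upper() != "POST":
        return []
    reasons = []
    if not event.get("csrf_token"):
        reasons.append("missing_csrf_token")
    domain = referer_domain(event.get("referer"))
    if domain is None:
        reasons.append("missing_referer")
    elif domain != INTERNAL_DOMAIN:  # exact match, so look-alike hosts are flagged
        reasons.append("external_referer")
    return reasons

def scan(log_text):
    """Return (source_ip, path, reasons) for every matching line in log_text."""
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or non-JSON lines
        reasons = classify(event) if isinstance(event, dict) else []
        if reasons:
            hits.append((event.get("source_ip"), event.get("path"), reasons))
    return hits
```

Some legitimate clients omit the Referer header, so `missing_referer` on its own is a weaker signal than a missing token or an external Referer and is best used for correlation rather than blocking.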