CVE-2025-65573

8.8 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky software allows attackers to trick authenticated users into performing unintended actions, specifically causing denial of service. This affects administrators and users with access to the dashboard interface. The vulnerability exists in the handle_interface_POST_and_status function.

💻 Affected Systems

Products:
  • AllskyTeam AllSky
Versions: v2024.12.06_06 and potentially earlier versions
Operating Systems: Linux-based systems where AllSky is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with web interface accessible to authenticated users. The vulnerability is in dashboard_LAN.php, dashboard_WLAN.php, and functions.php files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through DoS, potential configuration changes if other vulnerable endpoints exist, and system instability requiring manual intervention.

🟠 Likely Case

Temporary service interruption affecting dashboard functionality and monitoring capabilities, requiring administrator attention to restore normal operation.

🟢 If Mitigated

No impact if proper CSRF protections are implemented, or if the system is not internet-facing and access is limited to authenticated users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated user into visiting a malicious page. The vulnerability details are publicly disclosed with code references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the official AllSky GitHub repository for security updates.
2. Apply any available patches from the vendor.
3. Verify the fix by checking for CSRF token implementation in the affected files.

🔧 Temporary Workarounds

Implement CSRF Protection (platform: linux)

Add CSRF tokens to all POST requests in the affected dashboard files.

Edit dashboard_LAN.php, dashboard_WLAN.php, and functions.php to include CSRF token validation.
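A synchronizer-token implementation of this workaround, as an added example that is not AllSky's own code: the function names, the session key, the form field name and the call site are assumptions, not identifiers from the project.

```php
<?php
// Added example: synchronizer-token CSRF protection for a PHP dashboard
// handler. Not AllSky code; the helper names, the 'csrf_token' session
// key and form field, and the call site are assumptions.

function csrf_token(): string {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 32 random bytes -> 64 hex chars, generated once per session
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every form that POSTs to the dashboard
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_verify(array $post): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; both sides must be non-empty
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Guard to run before any state-changing POST handling (for example at the
// top of a handler like handle_interface_POST_and_status; hypothetical site).
function guard_post(): void {
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && !csrf_verify($_POST)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
```

Every form that posts to the affected pages must include csrf_field(), and state-changing actions should be rejected on GET so the token check cannot be bypassed by switching methods.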

Restrict Network Access (platform: all)

Limit access to the AllSky web interface to trusted networks only.

Configure firewall rules to restrict access to the AllSky web port (typically 80/443).

🧯 If You Can't Patch

  • Implement network segmentation to isolate AllSky systems from untrusted networks
  • Use web application firewalls (WAF) with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if your AllSky version is v2024.12.06_06 or earlier by examining the software version in the interface or configuration files.

Check Version:

grep -r 'version' /path/to/allsky/installation/

(or check the web interface dashboard)

Verify Fix Applied:

Verify that CSRF tokens are implemented in dashboard_LAN.php, dashboard_WLAN.php, and functions.php by checking for token generation and validation code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to dashboard endpoints without referrer headers
  • Multiple failed status update attempts from same IP

Network Indicators:

  • HTTP requests to dashboard endpoints with suspicious referrers
  • Unusual traffic patterns to AllSky web interface

SIEM Query:

source="allsky.log" AND (url="*dashboard*" AND method="POST") AND NOT referrer="*allsky*"
