CVE-2025-67173
📋 TL;DR
This CSRF vulnerability in RiteCMS v3.1.0 lets an attacker create or edit website pages without authorization. An administrator who is logged in to RiteCMS and visits an attacker-controlled page has their browser submit a forged POST to the page-management endpoint, and the browser attaches the administrator's session cookie to it, so the request is processed as the administrator's. It affects all RiteCMS v3.1.0 installations with page creation/editing functionality enabled. Attackers can deface websites or inject malicious content.
💻 Affected Systems
- RiteCMS v3.1.0
📦 What is this software?
RiteCMS, a lightweight PHP content management system, by the RiteCMS project
⚠️ Risk & Real-World Impact
Worst Case
Complete website takeover through persistent malicious page creation, leading to data theft, malware distribution, or credential harvesting from visitors.
Likely Case
Website defacement, SEO spam injection, or creation of phishing pages that compromise visitor trust and security.
If Mitigated
Limited impact once anti-CSRF tokens and SameSite session cookies are in place: forged requests are rejected server-side before any page is written, though some administrative disruption may occur while the change is deployed.
🎯 Exploit Status
Exploitation requires luring an administrator who is logged in to RiteCMS into clicking a malicious link or visiting a crafted page; a script on that page can auto-submit the forged form, so no further interaction is needed. Public proof-of-concept code is available in GitHub repositories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists at the time of writing. Apply the workarounds below, and upgrade if the vendor releases a version that adds CSRF protection.
🔧 Temporary Workarounds
Implement CSRF Tokens
Add an anti-CSRF token to every page creation/editing form and validate it server-side before any state change.
This requires modifying the RiteCMS source: generate a random token per session, store it server-side, embed it as a hidden form field, and reject any POST whose token is missing or does not match (compare in constant time).
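The following is an added example, not RiteCMS code, showing the token scheme described above in PHP: a per-session token, the hidden field to embed in the form, constant-time validation, a SameSite session cookie as defense in depth, and a hardened save handler. It ends with an in-process check that replays the POST with no token, a wrong token and the real token, which is the same test the "Verify Fix Applied" step below describes. The handler name `handle_page_save`, the `csrf_token` field name, the `title`/`content` fields and the save callback are assumptions; wire them into the actual RiteCMS form and POST handler.

```php
<?php
// Added example (not RiteCMS code): anti-CSRF token for the page create/edit
// form, plus an in-process check that a request without the token is rejected.
// The handler and field names and the save callback are assumptions.

declare(strict_types=1);

const CSRF_SESSION_KEY = '_csrf_token';

// Generate one 256-bit random token per session and keep it server-side.
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

// Hidden input to embed in every state-changing form (value is HTML-escaped).
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $post['csrf_token'] ?? null;
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given);
}

// Defense in depth: with SameSite=Lax the browser omits the session cookie
// from cross-site POSTs. Must be called before session_start().
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // assumes the admin panel is served over HTTPS
        'samesite' => 'Lax',
    ]);
}

// Hardened POST handler: validate the token before touching any page data.
// Returns the HTTP status it would send, so callers can check the outcome.
function handle_page_save(array &$session, array $post, callable $save): int
{
    if (!csrf_valid($session, $post)) {
        return 403;   // forged or replayed request: no page is created/edited
    }
    $save((string) ($post['title'] ?? ''), (string) ($post['content'] ?? ''));
    return 200;
}

// Self-check mirroring the advisory's "verify fix" step, with constructed
// requests instead of a browser. Returns false if a forged request gets through.
function self_check(): bool
{
    $session = [];
    $saved   = 0;
    $save    = function (string $title, string $content) use (&$saved): void {
        $saved++;
    };

    csrf_field($session);                  // rendering the form sets the token
    $token  = $session[CSRF_SESSION_KEY];
    $forged = ['title' => 'pwned', 'content' => '<script src="https://evil.example/x.js"></script>'];
    $legit  = $forged + ['csrf_token' => $token];
    $wrong  = $forged + ['csrf_token' => str_repeat('0', 64)];

    return handle_page_save($session, $forged, $save) === 403
        && handle_page_save($session, $wrong, $save) === 403
        && handle_page_save($session, $legit, $save) === 200
        && $saved === 1;
}

if (!self_check()) {
    fwrite(STDERR, "CSRF check FAILED: a request without a valid token was accepted\n");
    exit(1);
}
echo "CSRF check passed: forged and mismatched tokens rejected, valid token accepted\n";
```

In a real deployment, call `harden_session_cookie()` in the bootstrap before `session_start()`, pass `$_SESSION` and `$_POST` to the functions, and emit `csrf_field($_SESSION)` inside every form that changes state. The token is compared with `hash_equals` rather than `===` so a byte-by-byte mismatch does not leak timing; the session token alone is sufficient here, and a per-form token or double-submit cookie are alternatives if sessions are not available.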
Restrict Admin Access
Limit administrative access to trusted IP addresses or networks with web server rules scoped to the RiteCMS admin directory. Caveat: this does not stop CSRF on its own, because the forged request is issued by the administrator's own browser and therefore arrives from an allowed IP; it only removes exposure for administrators browsing from outside the trusted network, so pair it with the token fix.
# Apache 2.4 (inside the admin <Directory> or <Location> block): Require ip 192.168.1.0/24
# Nginx (inside the admin location block): allow 192.168.1.0/24; deny all;
🧯 If You Can't Patch
- Set SameSite=Lax or SameSite=Strict (together with Secure and HttpOnly) on the session cookie; modern browsers then omit it from cross-site POSTs, so the forged request arrives without a session. Confirm the attribute actually appears in the Set-Cookie header, since PHP's session.cookie_samesite default is empty.
- Use a web application firewall (WAF) to block POST requests to the page creation endpoints whose Origin or Referer header is missing or names a host other than the site's own. This is a stopgap: a legitimate administrator's browser under a strict Referrer-Policy also sends no Referer, so expect false positives and prefer the Origin header where it is present.
🔍 How to Verify
Check if Vulnerable:
Confirm the RiteCMS version in the admin panel, then inspect the page creation/editing form (view the rendered HTML and the PHP that handles its POST) for the absence of a hidden anti-CSRF token field and of server-side validation of that token.
Check Version:
Check RiteCMS admin dashboard or inspect CMS configuration files for version information.
Verify Fix Applied:
Replay the page-creation POST with a valid CSRF token, with the token removed, and with the token altered; only the request carrying the correct token may succeed, and the other two must be rejected without creating or modifying any page. If SameSite was set, also confirm the Set-Cookie header carries it.
📡 Detection & Monitoring
Log Indicators:
- POST requests to page creation endpoints that are not preceded by a GET of the edit form from the same client, possibly several in quick succession. Note that the forged request is sent by the administrator's own browser, so its source IP is the administrator's and will usually look legitimate.
- Unauthorized page creation events in CMS audit logs.
Network Indicators:
- POST traffic to the page-management endpoint (written here as /admin/page; substitute the actual RiteCMS admin path) with a missing Referer/Origin header or one naming a foreign host. The request body, and so any CSRF token, is not recorded in standard access logs; inspecting it requires a WAF or a TLS-terminating proxy.
SIEM Query:
source="web_logs" AND (url_path="/admin/page" AND method="POST") AND NOT (referrer CONTAINS "yourdomain.com")
Note: a substring match also accepts referrers such as yourdomain.com.attacker.example; where the SIEM supports it, match the referrer host exactly. Legitimate admin browsers that send no Referer because of a strict Referrer-Policy will also match, so triage hits against the CMS audit log.
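The same heuristic applied offline to Apache combined-format access log lines, as an added example that is not part of the advisory or of RiteCMS. The host cms.example.org, the /admin/page path and the five log lines are constructed for the example; the matcher compares the Referer host exactly rather than by substring, for the reason given above.

```php
<?php
// Added example (not RiteCMS code): apply the advisory's detection heuristic
// to Apache "combined" access-log lines. The /admin/page path, the site
// host cms.example.org and the log lines themselves are constructed.

declare(strict_types=1);

const SITE_HOST  = 'cms.example.org';
const ADMIN_PATH = '/admin/page';

// Constructed sample: a legitimate edit flow (GET form, then POST with a
// same-site Referer), a forged POST with a foreign Referer, a forged POST
// with no Referer at all, and an unrelated GET.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - admin [12/Mar/2025:10:01:02 +0000] "GET /admin/page?id=7 HTTP/1.1" 200 4120 "https://cms.example.org/admin/" "Mozilla/5.0"
203.0.113.5 - admin [12/Mar/2025:10:01:40 +0000] "POST /admin/page HTTP/1.1" 302 0 "https://cms.example.org/admin/page?id=7" "Mozilla/5.0"
198.51.100.77 - - [12/Mar/2025:11:15:09 +0000] "POST /admin/page HTTP/1.1" 302 0 "https://cms.example.org.evil.example/lure.html" "Mozilla/5.0"
198.51.100.77 - - [12/Mar/2025:11:15:10 +0000] "POST /admin/page HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2025:11:20:00 +0000] "GET /index.php HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
LOG;

// Parse one combined-format line into its fields (null if it does not match).
function parse_combined(string $line): ?array
{
    $re = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip' => $m[1], 'user' => $m[2], 'time' => $m[3], 'method' => $m[4],
        'path' => $m[5], 'status' => (int) $m[6], 'referer' => $m[7], 'ua' => $m[8],
    ];
}

// A Referer is same-site only if its host is exactly ours: a substring match
// on "cms.example.org" would be satisfied by cms.example.org.evil.example.
function referer_is_same_site(string $referer): bool
{
    if ($referer === '' || $referer === '-') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, SITE_HOST) === 0;
}

// Flag POSTs to the page endpoint whose Referer is absent or foreign.
function suspicious_posts(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $e = parse_combined($line);
        if ($e === null || $e['method'] !== 'POST') {
            continue;
        }
        $path = strtok($e['path'], '?');   // drop any query string before comparing
        if ($path !== ADMIN_PATH) {
            continue;
        }
        if (!referer_is_same_site($e['referer'])) {
            $hits[] = $e;
        }
    }
    return $hits;
}

foreach (suspicious_posts(SAMPLE_LOG) as $hit) {
    printf("ALERT %s %s POST %s referer=%s\n",
        $hit['time'], $hit['ip'], $hit['path'], $hit['referer']);
}
```

Run it as `php detect.php` against a real log by replacing SAMPLE_LOG with `file_get_contents('/var/log/apache2/access.log')`. The Referer is the only origin signal the default combined format records; if you add `%{Origin}i` to the LogFormat, check that header first, since browsers always send Origin on cross-site POSTs while Referer can be suppressed by a Referrer-Policy on the administrator's own pages.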