CVE-2025-6865

4.3 MEDIUM

📋 TL;DR

This Cross-Site Request Forgery (CSRF) vulnerability in DaiCuo CMS allows attackers to trick authenticated administrators into performing unintended actions via the /admin.php/addon/index endpoint. Attackers can exploit this remotely to potentially modify system settings or install malicious addons. All users running DaiCuo CMS versions up to 1.3.13 are affected.

💻 Affected Systems

Products:
  • DaiCuo CMS
Versions: up to 1.3.13
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication to exploit, but default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could install malicious addons, modify system configurations, or perform administrative actions leading to complete system compromise.

🟠 Likely Case

Attackers trick administrators into performing unintended administrative actions like installing untrusted addons or changing system settings.

🟢 If Mitigated

With proper CSRF protections, the vulnerability is effectively neutralized with minimal impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires social engineering to trick authenticated administrators into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a version beyond 1.3.13 if available, or implement workarounds.

🔧 Temporary Workarounds

Implement CSRF Tokens (Applies to: all)

  • Add CSRF token validation to the /admin.php/addon/index endpoint
  • Modify admin.php to include and validate CSRF tokens for all POST requests

Restrict Admin Access (Applies to: all)

  • Limit admin panel access to trusted IP addresses only
  • Add IP whitelisting to .htaccess or web server configuration for /admin.php

🧯 If You Can't Patch

  • Implement SameSite cookie attributes for session cookies
  • Use browser extensions that block CSRF attempts
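The two workarounds above (per-request CSRF tokens on admin POST handlers, and SameSite session cookies) can be combined in a small PHP guard. The following is an added example, not DaiCuo CMS code: the function names, the `_csrf` field name and the `X-CSRF-Token` header are assumptions, and the guard would have to be wired into the real handler behind /admin.php/addon/index before any addon or settings change is executed.

```php
<?php
// Added example (not DaiCuo's own code): CSRF guard for a PHP admin endpoint.
// Function names, the "_csrf" form field and the X-CSRF-Token header are
// assumptions; adapt them to the real admin.php handler.

declare(strict_types=1);

// Harden the session cookie first; this is the SameSite workaround.
// 'secure' assumes the admin panel is served over HTTPS.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax', // use 'Strict' if no cross-site entry links are needed
]);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every admin form that submits state changes.
function csrf_field(): string
{
    return '<input type="hidden" name="_csrf" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Reject any state-changing request that lacks a valid token.
// Safe methods (GET/HEAD/OPTIONS) must never change state, so they pass.
function csrf_verify(): void
{
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return;
    }
    $sent = $_POST['_csrf'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    // hash_equals() is constant-time; is_string() rejects array-valued fields.
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        // This log line is the "failed CSRF token validation" indicator
        // the Detection section refers to.
        error_log('csrf: token validation failed for '
            . ($_SERVER['REQUEST_URI'] ?? '?')
            . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Call before the addon install / settings handler does anything.
csrf_verify();
```

The guard must run before the handler touches any state, and the token must be compared with `hash_equals()` rather than `==` so a wrong guess cannot be refined through timing. Setting the cookie to `SameSite=Lax` alone stops cross-site POSTs from modern browsers but is not a substitute for the token, since older clients and some top-level navigations still send the cookie.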

🔍 How to Verify

Check if Vulnerable:

Check whether your DaiCuo CMS version is 1.3.13 or earlier and whether the /admin.php/addon/index endpoint lacks CSRF protection

Check Version:

Check DaiCuo CMS version in admin panel or configuration files

Verify Fix Applied:

Test that CSRF tokens are required for all POST requests to /admin.php/addon/index

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CSRF token validations
  • Unusual admin actions from unexpected IPs

Network Indicators:

  • POST requests to /admin.php/addon/index whose Referer or Origin header is missing or points to a foreign site

SIEM Query:

source_ip NOT IN admin_whitelist AND uri_path='/admin.php/addon/index' AND http_method='POST'
