CVE-2025-9747

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in Koillection allows attackers to trick authenticated users into performing unintended actions by manipulating requests. It affects all Koillection instances up to version 1.6.18. The vulnerability is in the CSRF protection controller and can be exploited remotely.

💻 Affected Systems

Products:
  • Koillection
Versions: up to 1.6.18
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform unauthorized actions on behalf of authenticated users, potentially modifying collections, deleting data, or changing account settings.

🟠 Likely Case

Attackers trick users into performing unintended actions within their Koillection instance, such as adding/removing items or modifying preferences.

🟢 If Mitigated

With proper CSRF protections, requests would be rejected without valid tokens, preventing unauthorized actions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires user interaction but is technically simple. Attackers need to trick authenticated users into visiting malicious pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0

Vendor Advisory: https://github.com/benjaminjonard/koillection/releases/tag/1.7.0

Restart Required: Yes

Instructions:

1. Back up your Koillection instance and database.
2. Download version 1.7.0 from the official repository.
3. Replace the existing files with the new version.
4. Clear any caches.
5. Restart your web server.

🔧 Temporary Workarounds

Implement custom CSRF protection (applies to: all)

Add custom CSRF token validation to all state-changing endpoints.

Use SameSite cookie attribute (applies to: all)

Configure session cookies with SameSite=Strict to limit cross-site requests.
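The two workarounds above, shown together in Python as an added example (not Koillection's own code, which is a PHP application): a per-session synchronizer token that is required on every state-changing method and compared in constant time, a same-site Origin/Referer check as defence in depth, and a session cookie issued with SameSite=Strict. The field name `_token`, the header `X-CSRF-Token` and the cookie name are assumptions, not identifiers taken from the project.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Methods that may change server state; each of these must carry a valid token.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: dict) -> str:
    """Create a per-session synchronizer token, store it server-side and return it
    for embedding in forms (hidden field `_token`) or an `X-CSRF-Token` header.
    Both names are assumptions for this example."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_check(method: str, headers: dict, form: dict, session: dict, site_host: str):
    """Decide whether a request may reach a state-changing handler.

    Returns (allowed, reason). `reason` is "ok" on success, otherwise a short code
    suitable for logging, so repeated failures per client IP can be counted."""
    if method.upper() not in STATE_CHANGING:
        return True, "ok"  # safe methods do not change state; no token required
    expected = session.get("csrf_token")
    submitted = form.get("_token") or headers.get("X-CSRF-Token")
    if not expected or not submitted:
        return False, "csrf_failure:missing_token"
    # Constant-time comparison so the token cannot be recovered through timing.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "csrf_failure:invalid_token"
    # Defence in depth: the request must originate from this site. Browsers send
    # Origin on cross-site POSTs; Referer is the fallback. Neither present: reject.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or urlsplit(source).hostname != site_host:
        return False, "csrf_failure:cross_origin"
    return True, "ok"


def session_cookie_header(cookie_name: str, session_id: str) -> str:
    """Build a Set-Cookie value with SameSite=Strict (plus Secure and HttpOnly) so the
    browser withholds the session cookie from requests initiated by another site."""
    return f"{cookie_name}={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"
```

The reason codes line up with the `csrf_failure` / `invalid_token` events used in the SIEM query further down, so the same check feeds detection.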

🧯 If You Can't Patch

  • Implement WAF rules to detect and block CSRF patterns
  • Monitor for unusual user activity and implement rate limiting on sensitive endpoints

🔍 How to Verify

Check if Vulnerable:

Check the Koillection version in the admin panel or by examining the package.json file. If the version is 1.6.18 or lower, you are vulnerable.

Check Version:

Check the Koillection admin panel or examine the package.json file for version information.

Verify Fix Applied:

After upgrading to 1.7.0, verify that CSRF tokens are properly generated and validated for all POST/PUT/DELETE requests.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CSRF token validations from same IP
  • Unusual POST requests without referrer headers

Network Indicators:

  • Cross-origin requests to Koillection endpoints without proper referrer validation

SIEM Query:

source="koillection" AND (event="csrf_failure" OR event="invalid_token")
