CVE-2025-25967

Name of the Vulnerable Software and Affected Versions Acora CMS version 10.1.1

Description The issue allows attackers to trick authenticated users into performing unauthorized actions by embedding malicious requests in external content. This is due to the lack of Cross-Site Request Forgery (CSRF) protections, which enables exploitation via crafted requests. Attackers can perform actions such as account deletion or user creation.

Recommendations For Acora CMS version 10.1.1, consider implementing CSRF protections to prevent exploitation. As a temporary workaround, restrict access to sensitive actions, such as account deletion or user creation, to minimize the risk of unauthorized modifications.