Unknown · Activity Log Winterlock · CVE-2025-24982
Name of the Vulnerable Software and Affected Versions:
Activity Log WinterLock versions prior to 1.2.5
Description:
A cross-site request forgery issue exists. If a user views a malicious page while logged in, the log data may be deleted.
Recommendations:
For versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the log data until the update is applied. Avoid using the software while logged in and viewing untrusted pages to minimize the risk of exploitation.