PT-2021-16889 · Unknown · Calibre-Web

Ozzieisaacs · Published 2021-11-16 · Updated 2024-11-19 · CVE-2021-25965

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Calibre-web versions 0.6.0 through 0.6.13

Description: The issue allows an attacker to create a new user role with admin privileges and attacker-controlled credentials by luring an authenticated user to click on a link, potentially taking over the application. This is achieved through Cross-Site Request Forgery (CSRF).

Recommendations: For Calibre-web versions 0.6.0 through 0.6.13, as a temporary workaround, consider restricting access to the user role creation functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
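To show why the user-creation endpoint described above is exposed and what the standard mitigation looks like, here is an added example (not Calibre-Web's code, and not the fix the project may ship). It models a request with a hypothetical `Request` class and hypothetical form fields (`name`, `password`, `admin`); a handler that trusts the session cookie alone accepts a forged cross-site POST, while the same handler behind a synchronizer-token and Origin check refuses it.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for an HTTP request (hypothetical, not Flask's)."""
    method: str
    headers: dict
    form: dict
    session: dict = field(default_factory=dict)  # server-side session of the cookie holder


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a per-session synchronizer token to embed in every form."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_guard(req: Request, app_origin: str) -> bool:
    """Allow a state-changing request only if it came from our own pages.

    Two independent checks: the Origin (or Referer) header must be exactly the
    application's origin, and the form must carry the session's secret token,
    which a third-party page cannot read and therefore cannot forge.
    """
    if req.method not in ("POST", "PUT", "PATCH", "DELETE"):
        return True  # safe methods change no state; nothing to protect
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not (origin == app_origin or origin.startswith(app_origin + "/")):
        return False  # exact-origin match; a prefix like app_origin + ".evil" fails
    expected = req.session.get("csrf_token")
    supplied = req.form.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(expected, supplied)


def create_user_vulnerable(req: Request, users: dict) -> str:
    """Handler pattern at risk: being logged in (cookie present) is the only check."""
    users[req.form["name"]] = {
        "password": req.form["password"],
        "admin": req.form.get("admin") == "1",
    }
    return "created"


def create_user_hardened(req: Request, users: dict, app_origin: str = "https://books.example") -> str:
    """Same handler with the CSRF guard in front of it."""
    if not csrf_guard(req, app_origin):
        return "forbidden"
    return create_user_vulnerable(req, users)
```

The forged request in the test carries the victim's session (the browser attaches the cookie automatically) but no token, which is exactly the case the guard has to stop.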

CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-25965

Affected Products: Calibre-Web