PT-2025-10975 · Opal · Opal

Parnuski

Published

2025-03-11

Updated

2025-03-12

CVE-2025-27792

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Opal versions prior to 5.1.1

Description: The issue concerns insufficient protections against cross-site request forgery (CSRF) in the Opal application. The application checks the referrer header and returns a 403 error if it is invalid. However, this protection can be bypassed by dropping the referrer header from CSRF requests using <meta name="referrer" content="never">.

Recommendations: For versions prior to 5.1.1, update to version 5.1.1 to resolve the issue.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

AZL-62429

CVE-2025-27792

GHSA-27VW-29RQ-C358

Affected Products

Opal

PT-2025-10975 · Opal · Opal

CVE-2025-27792

Weakness Enumeration

Related Identifiers

Affected Products

References · 6