CVE-2025-28355

Name of the Vulnerable Software and Affected Versions Volmarg Personal Management System version 1.4.65

Description The issue allows attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none. This is related to Cross Site Request Forgery (CSRF).

Recommendations For Volmarg Personal Management System version 1.4.65, consider updating the SameSite cookie attribute to a more secure value, such as Lax or Strict, to mitigate the risk of CSRF attacks. As a temporary workaround, restrict access to sensitive information and functions that can be executed through CSRF attacks until a patch is available.