PT-2025-25516 · Jflyfox · Jfinalcms

Tom132432 · Published 2025-06-16 · Updated 2025-11-25 · CVE-2025-6105

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
jflyfox jfinal cms version 5.0.1

Description
A cross-site request forgery issue has been identified, affecting the HOME.java file. The manipulation of the Logout argument can lead to this issue. The attack can be initiated remotely.

Recommendations
For jflyfox jfinal cms version 5.0.1, consider restricting access to the Logout argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Missing Authorization, CSRF

Related Identifiers: CVE-2025-6105

Affected Products: Jfinalcms