PT-2025-37356 · Unknown · Cdevroe Unmark
Xu-17 · Published 2025-09-12 · Updated 2025-09-13 · CVE-2025-10329
CVSS v3.1: 9.8 Critical | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
cdevroe unmark versions up to 1.9.3
Description:
A vulnerability exists in cdevroe unmark up to version 1.9.3. The issue affects an unknown part of the file /application/controllers/Marks.php and allows for server-side request forgery through manipulation of the url argument. This attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond.
Recommendations:
Update cdevroe unmark to a version later than 1.9.3.
As a temporary workaround, restrict or disable access to the /application/controllers/Marks.php file.
Avoid using the url parameter in the affected file until the issue is resolved.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Cdevroe Unmark