CVE-2025-22520

Name of the Vulnerable Software and Affected Versions Tock Widget versions n/a through 1.1

Description The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross Site Request Forgery. This is a type of attack where an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to.

Recommendations For versions n/a through 1.1, as a temporary workaround, consider implementing proper CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation. Avoid using the affected widget until the issue is resolved or a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.