PT-2025-49550 · Unknown · Vulnerability-Lookup

Published 2025-12-08 · Updated 2025-12-08 · CVE-2025-42616

CVSS v4.0: 7.0 (High)
Vector: AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Vulnerability-Lookup versions prior to 2.18.0
Description: Certain endpoints in Vulnerability-Lookup allowed modification of application state, including database entries, user data and configuration, through HTTP GET requests and without Cross-Site Request Forgery (CSRF) token validation. A malicious website could therefore cause a logged-in user's browser to issue such a request, with the user's session cookie attached automatically, and perform a state-changing operation without the user's knowledge; an attacker could use this to escalate privileges or alter settings. The CVSS vector reflects the preconditions: the victim must hold a privileged session (PR:H) and be lured into loading the attacker's page (UI:A). The issue was addressed by requiring HTTP POST requests and a valid CSRF token for all state-changing endpoints, so a GET request can no longer modify state.
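The pattern described above, as an added illustration that is not Vulnerability-Lookup's own code: a role-change endpoint that accepts a GET with only the session cookie as its check, beside the fixed form that requires POST plus a session-bound synchronizer token. Python is used because the project is Python-based; the request model, the /admin/set-role path, the session and user tables and the three replayed requests are all constructed for this example, and it uses the standard library only.

```python
# Added example (not Vulnerability-Lookup's code): a state-changing endpoint
# reachable by GET with only a session cookie as the check, beside the fixed
# version that requires POST plus a session-bound synchronizer token.
# Standard library only; the request model, paths, session and user tables
# are constructed for this illustration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SECRET_KEY = secrets.token_bytes(32)  # server-side secret; an attacker's page never sees it

# Constructed server state: one logged-in admin session and one ordinary user.
SESSIONS = {"sess-admin": {"user": "root", "role": "admin"}}
USERS = {"alice": {"role": "user"}}


@dataclass
class Request:
    method: str
    path: str                                    # path plus query string
    cookies: dict = field(default_factory=dict)  # attached by the browser on cross-site loads too
    form: dict = field(default_factory=dict)     # body fields; only the submitting page sets them


def csrf_token(session_id: str) -> str:
    """Synchronizer token derived from the session with HMAC: unguessable without
    SECRET_KEY and useless when replayed against a different session."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _authorize(req: Request):
    """Cookie-based authentication plus admin check; passes for cross-site requests as well."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return 401
    if sess["role"] != "admin":
        return 403
    return None


def vulnerable_dispatch(req: Request) -> int:
    """Before the fix: any method, parameters from query or body, no token."""
    if (err := _authorize(req)) is not None:
        return err
    url = urlsplit(req.path)
    if url.path == "/admin/set-role":
        params = {k: v[0] for k, v in parse_qs(url.query).items()}
        params.update(req.form)
        USERS[params["user"]]["role"] = params["role"]  # state changed by a plain GET
        return 200
    return 404


def fixed_dispatch(req: Request) -> int:
    """After the fix: POST only, and the body must carry this session's token."""
    if (err := _authorize(req)) is not None:
        return err
    url = urlsplit(req.path)
    if url.path == "/admin/set-role":
        if req.method != "POST":
            return 405                                    # GET can no longer change state
        sid = req.cookies["session"]
        supplied = req.form.get("csrf_token", "")
        if not hmac.compare_digest(supplied.encode(), csrf_token(sid).encode()):
            return 403                                    # missing or forged token
        USERS[req.form["user"]]["role"] = req.form["role"]
        return 200
    return 404


def run_scenarios(dispatch) -> dict:
    """Replay three requests against a dispatcher; each entry is (status, alice's role afterwards)."""
    admin_cookie = {"session": "sess-admin"}
    scenarios = {
        # <img src="https://target/admin/set-role?user=alice&role=admin"> on the attacker's page
        "cross_site_get": Request("GET", "/admin/set-role?user=alice&role=admin", cookies=admin_cookie),
        # auto-submitted cross-site form: the browser adds the cookie, the attacker cannot add the token
        "forged_post": Request("POST", "/admin/set-role", cookies=admin_cookie,
                               form={"user": "alice", "role": "admin"}),
        # the application's own form, rendered with the token for this session
        "legit_post": Request("POST", "/admin/set-role", cookies=admin_cookie,
                              form={"user": "alice", "role": "admin",
                                    "csrf_token": csrf_token("sess-admin")}),
    }
    results = {}
    for name, req in scenarios.items():
        USERS["alice"]["role"] = "user"                   # reset between runs
        results[name] = (dispatch(req), USERS["alice"]["role"])
    return results


if __name__ == "__main__":
    print("vulnerable:", run_scenarios(vulnerable_dispatch))
    print("fixed:     ", run_scenarios(fixed_dispatch))
```

Two points the replay makes visible: the authorization check passes for the forged requests because the browser attaches the admin's cookie regardless of which site initiated the request, and moving to POST alone is not enough (the forged POST still succeeds against the vulnerable dispatcher); the token is what the attacker's page cannot supply. Keeping the token out of GET query strings also avoids leaking it through Referer headers and server logs. Web frameworks ship this mechanism ready-made (for example Flask-WTF's CSRFProtect or Django's CsrfViewMiddleware), and a SameSite cookie attribute is a useful second layer but not a replacement for the token.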
Recommendations: Versions prior to 2.18.0 should be updated to version 2.18.0 or later.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-42616

Affected Products: Vulnerability-Lookup