CVE-2025-23664

Name of the Vulnerable Software and Affected Versions Real Seguro Viagem versions n/a through 2.0.5

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS in Real Seguro Viagem. This means an attacker can perform actions on behalf of a user without their knowledge or consent and can also inject malicious scripts that are stored on the server and executed when other users access the affected page.

Recommendations For versions n/a through 2.0.5, update to a version that includes a fix for the CSRF vulnerability, ensuring that proper validation and verification of requests are implemented to prevent unauthorized actions. As a temporary workaround, consider implementing additional validation for requests to prevent CSRF attacks until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.