CVE-2025-23922

Name of the Vulnerable Software and Affected Versions Harsh iSpring Embedder versions n/a through 1.0

Description A Cross-Site Request Forgery (CSRF) issue allows uploading a web shell to a web server. This can be exploited to gain unauthorized access to the server.

Recommendations For versions n/a through 1.0, as a temporary workaround, consider disabling any functionality that allows file uploads to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.