CVE-2025-25146

Name of the Vulnerable Software and Affected Versions Songkick Concerts and Festivals versions 0.9.7 and earlier

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as clicking on a malicious link.

Recommendations For versions 0.9.7 and earlier, consider implementing CSRF tokens or other anti-CSRF measures to prevent exploitation. As a temporary workaround, restrict access to sensitive functionality until a patch is available.