CVE-2025-23044
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Jan 20, 2025
CWE ID 352
Summary
CVE-2025-23044: PwnDoc, a penetration test report generator, lacks Cross-Site Request Forgery (CSRF) protection. An attacker can therefore impersonate a logged-in user and make unauthorized GET and POST requests on that user's behalf. The cause is missing SameSite attributes on cookies, combined with the ability to refresh cookies. The weakness is patched in commit 14acb704891245bf1703ce6296d62112e85aa995.
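The following is an added example, not code from PwnDoc or from the referenced commit: a small auditor that checks `Set-Cookie` headers for the missing SameSite attribute the summary describes. The cookie names and values are constructed samples, and the finding codes are hypothetical labels.

```javascript
// Constructed sample Set-Cookie headers; names and values are illustrative only.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; HttpOnly; Secure",
  "refresh=def456; Path=/api; HttpOnly; Secure; SameSite=None",
  "prefs=dark; Path=/; SameSite=Lax",
  "auth=ghi789; Path=/; HttpOnly; Secure; SameSite=Strict",
];

// Split one Set-Cookie header into its cookie name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attrs };
}

// Report how a cookie behaves on cross-site requests (finding codes are hypothetical).
function auditSameSite(header) {
  const { name, attrs } = parseSetCookie(header);
  const raw = attrs.samesite;
  const mode = typeof raw === "string" ? raw.toLowerCase() : "unset";
  const findings = [];
  if (mode === "unset") findings.push("SAMESITE_MISSING"); // left to browser defaults
  else if (mode === "none") findings.push("SAMESITE_NONE"); // sent on all cross-site requests
  else if (mode === "lax") findings.push("LAX_ALLOWS_TOP_LEVEL_GET"); // state-changing GETs stay exposed
  else if (mode !== "strict") findings.push("SAMESITE_UNRECOGNISED");
  if (mode === "none" && attrs.secure !== true) findings.push("NONE_WITHOUT_SECURE");
  return { name, mode, findings };
}

// Audit a batch of headers and keep only the cookies with findings.
function auditAll(headers) {
  return headers.map(auditSameSite).filter((r) => r.findings.length > 0);
}

console.log(auditAll(SAMPLE_HEADERS));
```

Because the summary covers GET as well as POST requests, `SameSite=Lax` is flagged too: a Lax cookie still accompanies top-level cross-site GET navigations.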