CVE-2025-28355: Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and...

4.7 CVSS

Description

Volmarg Personal Management System 1.4.65 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute's default value being set to None.

Classification

CVE ID: CVE-2025-28355

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.7

Affected Products

Vendor: n/a

Product: n/a

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-28355
https://github.com/Volmarg/personal-management-system
https://github.com/abbisQQ/CVE-2025-28355/tree/main
https://github.com/Volmarg/personal-management-system/issues/149
