CVE-2025-5521
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
A cross-site request forgery (CSRF) vulnerability was found in WuKongOpenSource WukongCRM 9.0 in the file /system/user/updataPassword. The attack can be launched remotely, and exploit details have been publicly disclosed.
Risk Assessment
The risk involves an attacker being able to perform unauthorized password changes, potentially leading to account takeover and data confidentiality breaches.
Recommendation
Immediately implement CSRF protection mechanisms such as anti-CSRF tokens, and consider updating the system or applying temporary patches from the vendor.
Original NVD description (English source)
A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

