CVE-2025-65573

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status.

Ссылки

https://gh0stmezh.wordpress.com/2025/12/05/cve-2025-65573/
Exploit
Third Party Advisory
https://github.com/AllskyTeam/allsky
Product
https://github.com/AllskyTeam/allsky/blob/master/html/includes/dashboard_LAN.php
Product
https://github.com/AllskyTeam/allsky/blob/master/html/includes/dashboard_WLAN.php
Product
https://github.com/AllskyTeam/allsky/blob/master/html/includes/functions.php
Product
https://gh0stmezh.wordpress.com/2025/12/05/cve-2025-65573/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:allskyteam:allsky:2024.12.06_06:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-88wg-48f3-4qgx