CVE-2025-25967 PoC — DDSN Interactive Acora CMS 跨站请求伪造漏洞

Source

https://github.com/padayali-JD/CVE-2025-25967

Associated Vulnerability

Title:DDSN Interactive Acora CMS 跨站请求伪造漏洞 (CVE-2025-25967)
Description:DDSN Interactive Acora CMS是DDSN Interactive公司的一个企业网络和移动 CMS。 DDSN Interactive Acora CMS 10.1.1版本存在安全漏洞，该漏洞源于缺乏CSRF保护，可能导致未经授权的操作。

Readme

# CVE-2025-25967: Cross-Site Request Forgery (CSRF)
DDSN Interactive cm3 Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorised actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests that leverage the victim's active session, leading to privilege misuse and potential disruption of user management functionality.

Affected version: Acora CMS v10.1.1 and possibly other versions

Discovered by Joby Y Daniel from Crowe India.

File Snapshot


 [4.0K]  /data/pocs/e14ab9918c87e149d0f7a6531e3b395fb9e0c025
└── [ 653]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!