CVE-2025-13671 is a Cross-Site Request Forgery (CSRF) vulnerability identified in OpenText™ Web Site Management Server versions 16.7.0 and 16.7.1. CSRF vulnerabilities occur when an attacker tricks an authenticated user into submitting a forged HTTP request, which the server trusts due to the user's active session. In this case, the vulnerability allows an attacker to craft malicious HTML content that, when visited by a logged-in user, can trigger unauthorized state-changing actions within the Web Site Management Server. The vulnerability requires the victim to have an active session and to interact with the malicious content, such as clicking a link or visiting a webpage containing the exploit. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), partial attack traceability (AT:P), low privileges required (PR:L), user interaction required (UI:P), no impact on confidentiality (VC:N), high impact on integrity (VI:H), no impact on availability (VA:N), low scope change (SC:L), no impact on system integrity (SI:N), no scope change (SA:N), partial scope (S:P), no authentication required (AU:N), and unknown impact on resource utilization (R:U), with data confidentiality impact (V:D) and high exploitability (RE:H). This combination results in a medium severity rating with a CVSS score of 5.9. The vulnerability does not currently have known exploits in the wild, but the risk remains significant due to the potential for unauthorized changes to website content or configurations. The root cause is the lack of proper anti-CSRF protections, such as missing or inadequate CSRF tokens or insufficient validation of request origins. This vulnerability falls under CWE-352, which covers CSRF issues. Since OpenText Web Site Management Server is used for managing web content, exploitation could lead to unauthorized content modifications, defacement, or configuration changes that undermine the integrity of web assets.

The primary impact of CVE-2025-13671 is on the integrity of web content and configurations managed by OpenText Web Site Management Server. Successful exploitation allows attackers to perform unauthorized actions on behalf of authenticated users, potentially leading to unauthorized content changes, defacement, or misconfiguration. This can damage organizational reputation, disrupt business operations, and lead to further security issues if malicious content is injected. Confidentiality is not directly impacted, as the vulnerability does not expose sensitive data. Availability is also unaffected. However, the integrity compromise can have cascading effects, such as loss of trust by users and customers, and may facilitate further attacks if attackers insert malicious scripts or links. Organizations relying on this product for critical web content management are at risk of operational disruption and reputational harm. The requirement for user interaction and an active session limits the ease of exploitation but does not eliminate risk, especially in environments with high user activity and exposure to phishing or social engineering attacks.

To mitigate CVE-2025-13671, organizations should: 1) Apply any patches or updates provided by OpenText as soon as they become available to address the vulnerability directly. 2) Implement robust anti-CSRF protections, including the use of unique, unpredictable CSRF tokens for all state-changing requests within the Web Site Management Server. 3) Enforce strict validation of the Origin and Referer HTTP headers to ensure requests originate from trusted sources. 4) Educate users about the risks of clicking unknown or suspicious links, especially when logged into sensitive systems. 5) Employ web application firewalls (WAFs) with rules designed to detect and block CSRF attack patterns. 6) Review and minimize user privileges to limit the impact of compromised sessions. 7) Monitor logs for unusual or unauthorized changes to website content or configurations. 8) Consider implementing multi-factor authentication (MFA) to reduce the risk of session hijacking that could facilitate CSRF exploitation. These measures collectively reduce the attack surface and help prevent exploitation even if the vulnerability remains unpatched temporarily.