CVE-2025-13671 is a medium severity Cross-Site Request Forgery (CSRF) vulnerability identified in OpenText™ Web Site Management Server versions 16.7.0 and 16.7.1. CSRF vulnerabilities occur when a web application does not sufficiently verify that state-changing requests originate from legitimate users, allowing attackers to craft malicious web pages that, when visited by authenticated users, trigger unauthorized actions without their consent. In this case, the vulnerability enables attackers to exploit active sessions of legitimate users by embedding malicious HTML that causes the victim's browser to send forged requests to the Web Site Management Server. These unauthorized requests can lead to changes in the managed website content or configuration, potentially compromising the integrity and confidentiality of the web assets. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), partial attack traceability (AT:P), requiring low privileges (PR:L), and user interaction (UI:P). The vulnerability does not affect confidentiality directly but impacts integrity highly, with no impact on availability. The scope is partially changed (S:P), meaning the vulnerability affects components beyond the initially vulnerable component. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The root cause is insufficient or missing anti-CSRF tokens or validation mechanisms in the affected versions of the product.

The primary impact of CVE-2025-13671 is unauthorized modification of website content or configuration managed by OpenText Web Site Management Server. Attackers can leverage this vulnerability to perform actions on behalf of authenticated users, potentially defacing websites, injecting malicious content, or altering critical configurations. This can lead to reputational damage, loss of customer trust, and potential downstream attacks such as malware distribution or phishing. While availability is not directly affected, the integrity and confidentiality of web content are at risk. Organizations relying on OpenText Web Site Management Server for critical web presence or content management may face operational disruptions and compliance issues if exploited. The requirement for user interaction and an active session limits the attack surface but does not eliminate risk, especially in environments with high user activity. The absence of known exploits currently reduces immediate threat but does not preclude future exploitation. Overall, the vulnerability poses a moderate risk to organizations worldwide using the affected versions, especially those with publicly accessible management interfaces.

1. Upgrade OpenText Web Site Management Server to a version where this vulnerability is patched once available. Monitor vendor advisories for official patches. 2. Implement strict anti-CSRF protections such as synchronizer tokens or double-submit cookies in the web application if customization is possible. 3. Enforce SameSite cookie attributes to restrict cross-origin requests from sending authentication cookies. 4. Limit user privileges and session durations to reduce the window of opportunity for exploitation. 5. Educate users to avoid clicking on suspicious links or visiting untrusted websites while authenticated to the management server. 6. Employ web application firewalls (WAFs) with rules to detect and block suspicious CSRF attack patterns targeting the management interface. 7. Monitor logs for unusual or unauthorized state-changing requests originating from user sessions. 8. Restrict access to the management server interface by IP whitelisting or VPN to reduce exposure to external attackers. 9. Conduct regular security assessments and penetration testing focused on CSRF and session management controls. These measures collectively reduce the risk of successful exploitation beyond generic patching advice.