The vulnerability CVE-2025-22768 involves a CSRF weakness in the Rocket Media Library Mime Type plugin (version ≤ 2.1.0) by JinHan Park. This flaw enables an attacker to trick authenticated users into submitting unwanted requests, which can result in stored XSS attacks. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability could allow an attacker to execute stored XSS attacks via CSRF, potentially leading to session hijacking, defacement, or other malicious actions within the context of the affected application. The impact is rated as high due to the combination of CSRF and stored XSS, which can compromise user trust and application integrity. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing CSRF protections such as verifying anti-CSRF tokens and restricting user input handling to mitigate the risk. Monitor official sources for updates from JinHan Park regarding patches or temporary fixes.