The vulnerability identified as CVE-2025-23793 affects Ciprian Turcu Auto FTP versions up to 1.0.1. It is a Cross-Site Request Forgery (CSRF) vulnerability that enables stored Cross-Site Scripting (XSS) attacks. The CVSS 3.1 base score is 7.1, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality, integrity, and availability rated as low to low to low respectively. This indicates an attacker can remotely exploit the vulnerability with user interaction to execute malicious scripts stored on the target system. No patch or official fix details are currently available.

Successful exploitation of this vulnerability could allow an attacker to execute stored XSS attacks via CSRF, potentially leading to unauthorized actions performed on behalf of authenticated users, data disclosure, or manipulation within the affected Auto FTP application. The impact affects confidentiality, integrity, and availability at a low level but is significant enough to warrant attention given the high CVSS score.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply general CSRF mitigations such as disabling or restricting access to the affected Auto FTP application, using web application firewalls to detect and block CSRF and XSS attempts, and educating users about the risks of interacting with untrusted web content while authenticated. Monitor vendor channels for updates regarding patches or official mitigations.