
CVE-2025-47523: CWE-352 Cross-Site Request Forgery (CSRF) in Lukáš Hartmann Seznam Webmaster

Medium
Published: Wed May 07 2025 (05/07/2025, 14:20:08 UTC)
Source: CVE
Vendor/Project: Lukáš Hartmann
Product: Seznam Webmaster

Description

Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery. This issue affects Seznam Webmaster: from n/a through 1.4.7.

AI-Powered Analysis

Last updated: 07/05/2025, 11:12:10 UTC

Technical Analysis

CVE-2025-47523 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Seznam Webmaster tool developed by Lukáš Hartmann. The vulnerability affects versions up to 1.4.7 of the product. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged request to a web application in which they are currently authenticated, potentially causing unintended actions without the user's consent. In this case, the vulnerability does not impact confidentiality or availability but can lead to integrity issues by enabling unauthorized state-changing requests. The CVSS 3.1 base score is 4.3 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. The issue arises because the application does not sufficiently verify that state-changing requests originate from legitimate users, allowing attackers to craft malicious requests that users might unwittingly execute while authenticated.

Potential Impact

For European organizations using Seznam Webmaster, this vulnerability could allow attackers to perform unauthorized actions on their webmaster accounts if users are tricked into clicking malicious links or visiting malicious websites while logged in. Although the impact on confidentiality and availability is negligible, the integrity of the affected accounts could be compromised, potentially leading to unauthorized changes in webmaster settings, site configurations, or analytics data. This could indirectly affect website management, SEO, and monitoring activities, which are critical for business operations and online presence. Given that Seznam is a popular Czech search engine and webmaster tool, organizations in the Czech Republic and neighboring countries relying on this tool are at higher risk. The medium severity rating indicates that while the vulnerability is not critical, it still poses a meaningful risk that should be addressed promptly to prevent misuse.

Mitigation Recommendations

To mitigate this CSRF vulnerability, European organizations should implement or verify the presence of anti-CSRF tokens in all state-changing requests within Seznam Webmaster. These tokens should be unique per user session and validated server-side, so that a request is only accepted when it carries a token the attacker cannot obtain from a cross-site page. Additionally, organizations should encourage users to log out of Seznam Webmaster when not in use and to avoid clicking on suspicious links or visiting untrusted websites while authenticated. Browser-enforced protections such as Content Security Policy (CSP) and the SameSite cookie attribute can also reduce the risk of CSRF attacks by restricting when cookies are sent on cross-site requests and how scripts execute. Monitoring user activity logs for unusual changes and applying strict access controls can help detect and limit potential damage. Since no patches are currently linked, organizations should stay alert for official updates from the vendor and apply them promptly once available.
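The token check described above, as an added illustration (not Seznam Webmaster's code): a hypothetical settings endpoint modelled in two forms, one that trusts the session cookie alone (the CWE-352 pattern) and one that requires a per-session token compared in constant time plus an Origin check, exercised with constructed requests.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical site origin for the Origin-header check (constructed value).
SITE_ORIGIN = "https://example.test"


@dataclass
class Session:
    """Server-side session; the CSRF token is minted once per session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming POST: the cookie-bound session the browser
    attached, the submitted form fields, and the Origin header (if any)."""
    session: Optional[Session]
    form: dict
    origin: Optional[str] = None


def update_settings_vulnerable(req: Request, settings: dict) -> int:
    """Pre-fix pattern (CWE-352): any request carrying a valid session cookie
    changes state, so a form auto-submitted from another site succeeds."""
    if req.session is None:
        return 401
    settings[req.session.user] = req.form["value"]
    return 200


def update_settings_hardened(req: Request, settings: dict) -> int:
    """Hardened pattern: the form must echo the session's token (which a
    cross-site page cannot read), compared in constant time; the Origin
    header, when present, must match the site as defence in depth."""
    if req.session is None:
        return 401
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, req.session.csrf_token):
        return 403
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403
    settings[req.session.user] = req.form["value"]
    return 200
```

A constructed forged request (session attached by the browser, no token, foreign Origin) returns 200 from the vulnerable handler and 403 from the hardened one, while a same-origin request carrying the session's token still succeeds.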


Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-05-07T09:39:40.223Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ac4522896dcbd917d

Added to database: 5/21/2025, 9:08:42 AM

Last enriched: 7/5/2025, 11:12:10 AM

Last updated: 8/11/2025, 12:15:35 AM
