CVE-2025-47523: CWE-352 Cross-Site Request Forgery (CSRF) in Lukáš Hartmann Seznam Webmaster
Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery. This issue affects Seznam Webmaster: from n/a through 1.4.7.
AI Analysis
Technical Summary
CVE-2025-47523 is a Cross-Site Request Forgery (CSRF) weakness, CWE-352, in Seznam Webmaster, a product by Lukáš Hartmann. The CVE was assigned by Patchstack, the CNA for the WordPress plugin and theme ecosystem, which places the product in that ecosystem; the affected range is given as "n/a through 1.4.7", Patchstack's way of saying every release up to and including 1.4.7, with no fixed version named. In a CSRF attack the attacker lures a user who is logged in to the target site onto an attacker-controlled page or link that makes the browser submit a request to the target; the browser attaches the user's session cookie automatically, so the server processes the forged request with the victim's privileges. The root cause in this class of bug is that a state-changing handler authorizes on the session cookie alone and does not verify that the request was issued from the application's own pages, typically because a per-session anti-CSRF token (a nonce, in WordPress terms) is missing or not checked. The CVSS 3.1 base score is 4.3 (Medium) with vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N: reachable over the network, low attack complexity, no privileges required by the attacker (the victim supplies them, which is why CSRF is scored PR:N even though the action runs with the victim's rights), user interaction required, scope unchanged, no confidentiality or availability impact, low integrity impact. No exploitation in the wild has been reported and no patch is linked on this page.
Potential Impact
For organizations running Seznam Webmaster, this vulnerability lets an attacker perform whichever state-changing action the unprotected handler exposes, provided a logged-in user (for a site plugin, usually an administrator) opens an attacker-controlled page or link while the session is active. Confidentiality and availability are not affected; the integrity impact is rated low, meaning limited, unauthorized modification of the plugin's stored settings. The advisory does not specify which settings can be changed, so the practical effect should be read as tampering with the plugin's configuration rather than takeover of the site. Seznam.cz is a Czech search engine, and this product is a third-party integration with its webmaster service rather than Seznam's own tool, so installations are concentrated on Czech-language sites and in neighboring countries. The Medium rating reflects that the attack needs user interaction and a valid session, but the fix is cheap and the bug is trivially exploitable once a victim is lured, so it should be addressed when a fixed release is available.
Mitigation Recommendations
The fix for a CSRF bug belongs in the vendor's code: every state-changing request must carry an unguessable, per-session token that the server validates before acting, and requests without it must be rejected. In WordPress plugins the idiomatic form is wp_nonce_field() in the form and check_admin_referer() or wp_verify_nonce() in the handler. Operators of the affected product cannot add that check themselves, so the practical measures are: watch for a release later than 1.4.7 from the vendor and apply it promptly; deactivate the plugin if it is not needed; keep the set of accounts that can log in to the site's administration small, since only their sessions can be abused; and monitor changes to the plugin's settings. Two browser-side controls are often cited here and deserve a caveat. A SameSite=Lax or SameSite=Strict attribute on the session cookie is enforced by the browser, not the network, and does reduce exposure by withholding the cookie from cross-site POSTs (modern browsers apply Lax by default to cookies that set no attribute), but it is defense in depth, not a substitute for the token. Content Security Policy does not prevent CSRF at all: the forged request originates on the attacker's page, where the victim site's CSP does not apply. Users should log out of the site when finished and avoid following untrusted links while authenticated, which narrows the window in which a forged request carries a valid session.
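The following is an added example, not code from the Seznam Webmaster plugin, that models the weakness and the fix described above in framework-free Python: a "save settings" handler that trusts the session cookie alone (the CWE-352 pattern) beside a hardened one that also requires a per-session synchronizer token and a matching Origin header, exercised with a simulated logged-in victim and a simulated cross-site POST from an attacker page. The endpoint, the `verification_code` field, and both origins are hypothetical, and the example goes one step beyond the text by adding the Origin check as defense in depth alongside the token.

```python
"""Synchronizer-token CSRF defence, simulated without a web framework.

Added example: the site, endpoint and field names are constructed for
illustration and are not the plugin's own.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical origin of the protected site (constructed for this example).
SITE_ORIGIN = "https://site.example"


@dataclass
class Session:
    # One unguessable token per login session, never derived from the cookie.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    settings: dict = field(default_factory=dict)


@dataclass
class Request:
    method: str
    cookies: dict
    form: dict
    headers: dict


SESSIONS: dict[str, Session] = {}


def login() -> str:
    """Create a session and return its id. A real server would send it as
    Set-Cookie: sid=<id>; HttpOnly; Secure; SameSite=Lax so the browser
    withholds it from cross-site POSTs in the first place."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session()
    return sid


def settings_form(sid: str) -> str:
    """The application's own settings page embeds the session token in the form;
    an attacker's page on another origin cannot read it."""
    token = SESSIONS[sid].csrf_token
    return ('<form method="post" action="/save">'
            f'<input type="hidden" name="_csrf" value="{token}">'
            '<input name="verification_code"></form>')


def same_origin(req: Request) -> bool:
    """Origin (or Referer as a fallback) must name the site itself. A missing
    header is treated as cross-site: browsers send Origin on every cross-site
    POST, so absence is not a reason to trust the request."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    u = urlsplit(src)
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN


def save_vulnerable(req: Request) -> tuple[int, str]:
    """CWE-352 pattern: the session cookie alone authorises the change."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if req.method != "POST" or sess is None:
        return 403, "not authenticated"
    sess.settings["verification_code"] = req.form.get("verification_code", "")
    return 200, "saved"


def save_hardened(req: Request) -> tuple[int, str]:
    """Same action, but the request must prove it came from the site's own
    page: matching origin and the session's token, compared in constant time."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if req.method != "POST" or sess is None:
        return 403, "not authenticated"
    if not same_origin(req):
        return 403, "cross-site request rejected"
    if not hmac.compare_digest(req.form.get("_csrf", ""), sess.csrf_token):
        return 403, "missing or invalid csrf token"
    sess.settings["verification_code"] = req.form.get("verification_code", "")
    return 200, "saved"


def scenario() -> dict:
    """Victim is logged in; an attacker page on another origin auto-submits a
    form to /save. The browser attaches the cookie, but the attacker cannot
    supply the token. Returns the status each handler gives each request."""
    sid = login()
    forged = Request("POST", {"sid": sid},
                     {"verification_code": "attacker-controlled"},
                     {"Origin": "https://attacker.example"})
    # Legitimate submission: the user posts the form rendered by settings_form().
    token = settings_form(sid).split('value="')[1].split('"')[0]
    legit = Request("POST", {"sid": sid},
                    {"_csrf": token, "verification_code": "site-owner-value"},
                    {"Origin": SITE_ORIGIN})
    return {
        "vulnerable_forged": save_vulnerable(forged)[0],  # 200: forged change accepted
        "hardened_forged": save_hardened(forged)[0],      # 403: rejected
        "hardened_legit": save_hardened(legit)[0],        # 200: genuine user accepted
        "final_value": SESSIONS[sid].settings["verification_code"],
    }


if __name__ == "__main__":
    print(scenario())
```

The token is compared with hmac.compare_digest rather than `==` so a wrong guess cannot be timed, and the Origin check is evaluated first so a cross-site request is refused before the token is even consulted; a cookie with SameSite=Lax would stop the forged POST one layer earlier, in the browser, but the server-side checks stand on their own for clients and cookies that do not honour it.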
Affected Countries
Czech Republic, Slovakia, Austria, Germany, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-05-07T09:39:40.223Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981ac4522896dcbd917d
Added to database: 5/21/2025, 9:08:42 AM
Last enriched: 7/5/2025, 11:12:10 AM
Last updated: 8/17/2025, 5:12:56 PM
Views: 13
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)