CVE-2025-48114: CWE-352 Cross-Site Request Forgery (CSRF) in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger
Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.
AI Analysis
Technical Summary
CVE-2025-48114 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in ShayanWeb Admin FontChanger by Shayan Farhang Pazhooh, affecting all versions through 1.8.1. The affected request handler does not verify that a state-changing request actually originated from the application's own pages (for example by validating a per-session anti-CSRF token), so an attacker can craft a page that makes a logged-in user's browser submit the request with that user's cookies attached. Because the value written by that request is later rendered without adequate output encoding, the forged request can store a script payload that executes in the browser of anyone who subsequently loads the affected page: CSRF is the delivery mechanism, stored XSS is the result.

The CVSS 3.1 base score is 7.1 (High), with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The attack is reachable over the network, has low complexity and needs no privileges on the target, but it requires user interaction: a victim must visit the attacker's page while authenticated. Scope is Changed because the payload executes in other users' browsers, beyond the component that holds the flaw. Confidentiality, integrity and availability impacts are each rated Low, but a script running in an administrator's session can read what the administrator sees, change settings and alter page content. No exploitation in the wild has been reported and no patched version is listed at the time of this analysis. Stored XSS reachable through CSRF lets an attacker act within the victim's session (or read session tokens that are not protected by HttpOnly), perform actions as that user, or serve further malicious content to every user who loads the injected page.
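To make the CSRF-to-stored-XSS chain concrete, the following is an added Python illustration written for this page; it is not code from ShayanWeb Admin FontChanger, whose source the page does not show. It models a settings handler that stores a font name: the vulnerable version accepts any POST that arrives with a logged-in session and stores the raw value, the hardened version requires a capability, a same-site Origin, a per-session HMAC synchronizer token and an allowlisted value, and the stored value is HTML-encoded when rendered. SITE_ORIGIN, the Session and Request shapes, the form field names and the payload are all assumptions.

```python
"""Added illustration of CWE-352 leading to stored XSS in a settings handler.
Constructed example; not code from ShayanWeb Admin FontChanger."""
import hashlib
import hmac
import html
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

SITE_ORIGIN = "https://example.test"                  # assumed origin of the administered site
FONT_NAME_RE = re.compile(r"^[A-Za-z0-9 _-]{1,64}$")  # allowlist for a font family name


@dataclass
class Session:
    """Server-side session of a logged-in user (assumed shape)."""
    user: str
    can_manage_options: bool
    csrf_secret: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    """The parts of an HTTP request the handlers look at (assumed shape)."""
    method: str
    form: Dict[str, str]
    origin: Optional[str] = None  # Origin header; browsers send it on cross-site POSTs


def issue_csrf_token(session: Session, action: str) -> str:
    """Synchronizer token bound to this session and this action."""
    return hmac.new(session.csrf_secret.encode(), action.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session: Session, action: str, token: Optional[str]) -> bool:
    return hmac.compare_digest(issue_csrf_token(session, action), token or "")


def update_font_vulnerable(req: Request, session: Session, store: Dict[str, str]) -> bool:
    """CWE-352 pattern: any POST carrying a valid session is trusted and stored verbatim."""
    if req.method != "POST":
        return False
    store["admin_font"] = req.form.get("font", "")
    return True


def update_font_hardened(req: Request, session: Session, store: Dict[str, str]) -> bool:
    """Same handler with the checks a CSRF-safe settings endpoint needs."""
    if req.method != "POST":
        return False
    if not session.can_manage_options:                        # capability check
        return False
    if req.origin is not None and req.origin != SITE_ORIGIN:  # reject cross-site origins
        return False
    if not verify_csrf_token(session, "update_font", req.form.get("_token")):
        return False                                          # a forged request cannot carry the token
    font = req.form.get("font", "")
    if not FONT_NAME_RE.fullmatch(font):                      # allowlist the stored value
        return False
    store["admin_font"] = font
    return True


def render_font_field_vulnerable(store: Dict[str, str]) -> str:
    """Reflects the stored value into admin HTML without encoding: stored XSS."""
    return '<input name="font" value="%s">' % store.get("admin_font", "")


def render_font_field_hardened(store: Dict[str, str]) -> str:
    return '<input name="font" value="%s">' % html.escape(store.get("admin_font", ""), quote=True)


PAYLOAD = '"><script>alert(1)</script>'  # constructed test payload


def forged_request() -> Request:
    """What the victim's browser sends when an attacker page auto-submits a form:
    the victim's cookies ride along, but the attacker cannot read the token."""
    return Request("POST", {"font": PAYLOAD}, origin="https://attacker.test")


def demo() -> Dict[str, object]:
    admin = Session(user="admin", can_manage_options=True)
    editor = Session(user="editor", can_manage_options=False)
    vuln_store: Dict[str, str] = {}
    safe_store: Dict[str, str] = {}
    legit = Request("POST", {"font": "Roboto", "_token": issue_csrf_token(admin, "update_font")},
                    origin=SITE_ORIGIN)
    low_priv = Request("POST", {"font": "Roboto", "_token": issue_csrf_token(editor, "update_font")},
                       origin=SITE_ORIGIN)
    return {
        "vulnerable_accepts_forgery": update_font_vulnerable(forged_request(), admin, vuln_store),
        "vulnerable_html": render_font_field_vulnerable(vuln_store),
        "hardened_accepts_forgery": update_font_hardened(forged_request(), admin, safe_store),
        "hardened_accepts_legit": update_font_hardened(legit, admin, safe_store),
        "hardened_html": render_font_field_hardened(safe_store),
        "hardened_rejects_low_priv": update_font_hardened(low_priv, editor, {}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

If the product is a WordPress plugin (Patchstack is the assigning CNA and the version range format matches its WordPress advisories, although the page does not say so), the native equivalents of these checks are wp_nonce_field() and check_admin_referer() for the token, current_user_can('manage_options') for the capability, sanitize_text_field() on input and esc_attr() on output. Note that the origin check alone is not sufficient, since older clients may omit the header; the token is the primary control.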
Potential Impact
For European organizations running ShayanWeb Admin FontChanger, the practical risk is an attacker gaining script execution inside an administrator's session: stored XSS reached this way enables session hijacking, unauthorized administrative actions and leakage of data visible to the victim. That compromises the confidentiality of information exposed in the administrative interface, the integrity of site content and configuration, and availability if administrative functions are abused. Organizations in government, finance, healthcare and critical infrastructure that administer public-facing sites with this component face reputational damage, possible GDPR penalties if personal data is exposed, and operational disruption. The attacker needs no account on the target (PR:N), but the victim does: the forged request only succeeds if a user who is logged in with rights to change the component's settings, typically an administrator, is lured to an attacker-controlled page while authenticated. Administrators are therefore the phishing target, and because one successful lure plants a payload that then fires for every user of the affected page, the impact extends well beyond the single victim. With no patched version listed, organizations must rely on the mitigations below until the vendor issues a fix.
Mitigation Recommendations
1. Treat the fix as the vendor's to ship and deploy it as soon as it is available: the durable correction is a per-session, per-action anti-CSRF token validated on every state-changing request (synchronizer token or double-submit cookie), together with a privilege check on the handler.
2. Until then, restrict the exposure of the component: disable it if it is not needed, or limit access to the administrative interface with network-level controls (VPN, IP allowlisting).
3. Set authentication cookies with the SameSite=Lax or SameSite=Strict attribute; Lax stops the browser from attaching the session cookie to cross-site POST form submissions, which is the delivery path for this CSRF.
4. Deploy a Content Security Policy that restricts script sources and disallows inline scripts on administrative pages, to limit what an injected payload can do.
5. Ensure user-supplied values are validated on input and encoded on output for the context they are rendered in; this is the product-level change that removes the stored XSS even if a request is forged.
6. Educate administrators about phishing and lure pages, since the attack depends on an authenticated administrator visiting attacker-controlled content.
7. Monitor web server logs for POST requests to administrative endpoints whose Referer or Origin is absent or belongs to another site, and alert on unexpected changes to the component's stored font setting.
8. Use a web application firewall with rules for CSRF and XSS patterns as a temporary layer; it is a stopgap, not a substitute for the token check.
9. Review session management: short session lifetimes, HttpOnly and Secure cookie flags, and session rotation on login reduce the value of a hijacked session.
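The log-monitoring recommendation above needs something concrete to look for. As an added example, not taken from the page or from the vendor, here is a small Python scanner over constructed combined-format access-log lines that flags POSTs to administrative paths whose Referer is absent or comes from another host, which is the trace a CSRF-delivered request leaves behind. The host example.test, the /admin/ prefix and every log line are constructed for the example.

```python
"""Added illustration: find cross-site admin POSTs in a combined-format access log.
Constructed sample data; SITE_HOST and the admin path prefix are assumptions."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SITE_HOST = "example.test"               # assumed host of the administered site
ADMIN_PATH_RE = re.compile(r"^/admin/")  # assumed prefix of administrative endpoints

# Apache/nginx "combined" format:
# ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed log excerpt: a legitimate view and save, then two suspicious saves, then noise.
SAMPLE_LOG = """\
203.0.113.5 - - [20/May/2025:18:59:05 +0000] "GET /admin/font-changer HTTP/1.1" 200 3120 "https://example.test/admin/" "Mozilla/5.0"
203.0.113.5 - - [20/May/2025:18:59:20 +0000] "POST /admin/font-changer HTTP/1.1" 302 0 "https://example.test/admin/font-changer" "Mozilla/5.0"
203.0.113.5 - - [20/May/2025:19:04:41 +0000] "POST /admin/font-changer HTTP/1.1" 302 0 "https://attacker.test/lure.html" "Mozilla/5.0"
203.0.113.5 - - [20/May/2025:19:05:02 +0000] "POST /admin/font-changer HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [20/May/2025:19:06:10 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer: str) -> Optional[str]:
    """Host part of the Referer, or None when the client sent none ("-" in the log)."""
    if referer in ("", "-"):
        return None
    return urlsplit(referer).hostname


def classify(entry: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the entry looks like a cross-site admin POST, else None."""
    if entry["method"] != "POST" or not ADMIN_PATH_RE.match(entry["path"]):
        return None
    host = referer_host(entry["referer"])
    if host is None:
        return "admin POST without Referer (low confidence: Referrer-Policy can strip it)"
    if host != SITE_HOST:
        return "admin POST referred from foreign origin %s" % host
    return None


def scan(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Yield (timestamp, client ip, path, reason) for every suspicious line."""
    hits: List[Tuple[str, str, str, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable line; a real pipeline would count these
        reason = classify(entry)
        if reason:
            hits.append((entry["ts"], entry["ip"], entry["path"], reason))
    return hits


if __name__ == "__main__":
    for ts, ip, path, reason in scan(SAMPLE_LOG):
        print(ts, ip, path, reason)
```

A missing Referer is a weak signal on its own (Referrer-Policy: no-referrer and privacy extensions remove it), so treat those hits as leads rather than alerts. The Origin header is the more reliable indicator for POST requests but is not part of the default combined format; add it to the log format (for nginx, $http_origin) and apply the same host comparison. Correlate every hit with the audit trail of the stored font setting, since a genuine CSRF save changes that value.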
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-05-15T18:01:15.809Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aebd68
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 7/11/2025, 11:02:32 PM
Last updated: 8/17/2025, 4:47:39 AM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)