CVE-2025-52791: CWE-352 Cross-Site Request Forgery (CSRF) in devfelixmoira Knowledge Base – Knowledge Base Maker
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8.
AI Analysis
Technical Summary
CVE-2025-52791 is a high-severity vulnerability classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) weakness in the devfelixmoira Knowledge Base – Knowledge Base Maker product, affecting versions up to 1.1.8. This vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user without their consent. Specifically, the CSRF flaw enables Stored Cross-Site Scripting (Stored XSS) attacks, where malicious scripts injected by the attacker are permanently stored on the target server and executed in the context of users accessing the affected knowledge base. The CVSS 3.1 base score of 7.1 reflects a high severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality, integrity, and availability to a low degree individually but combined can lead to significant compromise. The vulnerability can be exploited remotely by tricking authenticated users into executing crafted requests, potentially leading to session hijacking, data manipulation, or further exploitation within the knowledge base environment. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly.
Potential Impact
For European organizations using the devfelixmoira Knowledge Base – Knowledge Base Maker, this vulnerability poses a significant risk to the confidentiality and integrity of internal documentation and knowledge assets. Exploitation could lead to unauthorized modification or disclosure of sensitive information, undermining operational security and trust. The stored XSS component can facilitate persistent attacks against users, including session hijacking, credential theft, or spreading malware within the organization. This is particularly critical for sectors relying heavily on knowledge bases for internal processes, such as government agencies, financial institutions, and large enterprises. The availability impact, while rated low individually, could manifest through denial-of-service conditions if the system is manipulated or destabilized via injected scripts. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger the exploit, increasing the attack surface. Given the interconnected nature of European organizations and regulatory requirements like GDPR, exploitation could also lead to compliance violations and reputational damage.
Mitigation Recommendations
1. Immediate implementation of CSRF protections such as anti-CSRF tokens in all state-changing requests within the Knowledge Base Maker application. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and mitigate the impact of stored XSS. 3. Conduct a thorough code review and input validation to sanitize user inputs and prevent script injection. 4. Restrict user permissions to the minimum necessary to reduce the impact of compromised accounts. 5. Educate users on phishing and social engineering risks to reduce the likelihood of successful user interaction exploitation. 6. Monitor web application logs for unusual POST requests or patterns indicative of CSRF or XSS exploitation attempts. 7. If possible, isolate the knowledge base system within a segmented network zone to limit lateral movement in case of compromise. 8. Engage with the vendor or community to obtain or develop patches addressing this vulnerability and apply them promptly once available. 9. Implement multi-factor authentication (MFA) to reduce the risk of session hijacking following exploitation. 10. Regularly update and patch all related software components to minimize exposure to known vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Austria
CVE-2025-52791: CWE-352 Cross-Site Request Forgery (CSRF) in devfelixmoira Knowledge Base – Knowledge Base Maker
Description
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8.
AI-Powered Analysis
Technical Analysis
CVE-2025-52791 is a high-severity vulnerability classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) weakness in the devfelixmoira Knowledge Base – Knowledge Base Maker product, affecting versions up to 1.1.8. This vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user without their consent. Specifically, the CSRF flaw enables Stored Cross-Site Scripting (Stored XSS) attacks, where malicious scripts injected by the attacker are permanently stored on the target server and executed in the context of users accessing the affected knowledge base. The CVSS 3.1 base score of 7.1 reflects a high severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality, integrity, and availability to a low degree individually but combined can lead to significant compromise. The vulnerability can be exploited remotely by tricking authenticated users into executing crafted requests, potentially leading to session hijacking, data manipulation, or further exploitation within the knowledge base environment. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly.
Potential Impact
For European organizations using the devfelixmoira Knowledge Base – Knowledge Base Maker, this vulnerability poses a significant risk to the confidentiality and integrity of internal documentation and knowledge assets. Exploitation could lead to unauthorized modification or disclosure of sensitive information, undermining operational security and trust. The stored XSS component can facilitate persistent attacks against users, including session hijacking, credential theft, or spreading malware within the organization. This is particularly critical for sectors relying heavily on knowledge bases for internal processes, such as government agencies, financial institutions, and large enterprises. The availability impact, while rated low individually, could manifest through denial-of-service conditions if the system is manipulated or destabilized via injected scripts. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger the exploit, increasing the attack surface. Given the interconnected nature of European organizations and regulatory requirements like GDPR, exploitation could also lead to compliance violations and reputational damage.
Mitigation Recommendations
1. Immediate implementation of CSRF protections such as anti-CSRF tokens in all state-changing requests within the Knowledge Base Maker application. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and mitigate the impact of stored XSS. 3. Conduct a thorough code review and input validation to sanitize user inputs and prevent script injection. 4. Restrict user permissions to the minimum necessary to reduce the impact of compromised accounts. 5. Educate users on phishing and social engineering risks to reduce the likelihood of successful user interaction exploitation. 6. Monitor web application logs for unusual POST requests or patterns indicative of CSRF or XSS exploitation attempts. 7. If possible, isolate the knowledge base system within a segmented network zone to limit lateral movement in case of compromise. 8. Engage with the vendor or community to obtain or develop patches addressing this vulnerability and apply them promptly once available. 9. Implement multi-factor authentication (MFA) to reduce the risk of session hijacking following exploitation. 10. Regularly update and patch all related software components to minimize exposure to known vulnerabilities.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-06-19T10:03:22.155Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68568e87aded773421b5abbf
Added to database: 6/21/2025, 10:50:47 AM
Last enriched: 6/21/2025, 10:53:08 AM
Last updated: 8/11/2025, 7:44:06 AM
Views: 15
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.