
CVE-2025-52791: CWE-352 Cross-Site Request Forgery (CSRF) in devfelixmoira Knowledge Base – Knowledge Base Maker

Severity: High
Tags: Vulnerability, CVE-2025-52791, cve, cwe-352
Published: Fri Jun 20 2025 (06/20/2025, 15:03:42 UTC)
Source: CVE Database V5
Vendor/Project: devfelixmoira
Product: Knowledge Base – Knowledge Base Maker

Description

Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8.

AI-Powered Analysis

Last updated: 06/21/2025, 10:53:08 UTC

Technical Analysis

CVE-2025-52791 is a high-severity vulnerability classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) weakness in the devfelixmoira Knowledge Base – Knowledge Base Maker product, affecting versions up to 1.1.8. This vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user without their consent. Specifically, the CSRF flaw enables Stored Cross-Site Scripting (Stored XSS) attacks, where malicious scripts injected by the attacker are permanently stored on the target server and executed in the context of users accessing the affected knowledge base. The CVSS 3.1 base score of 7.1 reflects a high severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality, integrity, and availability to a low degree individually but combined can lead to significant compromise. The vulnerability can be exploited remotely by tricking authenticated users into executing crafted requests, potentially leading to session hijacking, data manipulation, or further exploitation within the knowledge base environment. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly.

Potential Impact

For European organizations using the devfelixmoira Knowledge Base – Knowledge Base Maker, this vulnerability poses a significant risk to the confidentiality and integrity of internal documentation and knowledge assets. Exploitation could lead to unauthorized modification or disclosure of sensitive information, undermining operational security and trust. The stored XSS component can facilitate persistent attacks against users, including session hijacking, credential theft, or spreading malware within the organization. This is particularly critical for sectors relying heavily on knowledge bases for internal processes, such as government agencies, financial institutions, and large enterprises. The availability impact, while rated low individually, could manifest through denial-of-service conditions if the system is manipulated or destabilized via injected scripts. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger the exploit, increasing the attack surface. Given the interconnected nature of European organizations and regulatory requirements like GDPR, exploitation could also lead to compliance violations and reputational damage.

Mitigation Recommendations

1. Immediate implementation of CSRF protections such as anti-CSRF tokens in all state-changing requests within the Knowledge Base Maker application.
2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and mitigate the impact of stored XSS.
3. Conduct a thorough code review and input validation to sanitize user inputs and prevent script injection.
4. Restrict user permissions to the minimum necessary to reduce the impact of compromised accounts.
5. Educate users on phishing and social engineering risks to reduce the likelihood of successful user interaction exploitation.
6. Monitor web application logs for unusual POST requests or patterns indicative of CSRF or XSS exploitation attempts.
7. If possible, isolate the knowledge base system within a segmented network zone to limit lateral movement in case of compromise.
8. Engage with the vendor or community to obtain or develop patches addressing this vulnerability and apply them promptly once available.
9. Implement multi-factor authentication (MFA) to reduce the risk of session hijacking following exploitation.
10. Regularly update and patch all related software components to minimize exposure to known vulnerabilities.
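Recommendations 1 and 3 above, as an added example that is not code from the plugin or from this page: a minimal Python model of the CSRF-to-stored-XSS chain, with an unprotected article-save handler beside a hardened one that requires a session-bound token plus a matching Origin/Referer, and a renderer that escapes stored content on output. The in-memory store, the request/session dictionaries and ALLOWED_ORIGIN are constructed assumptions, not the product's API.

```python
import hmac
import html
import secrets
from urllib.parse import urlparse

# Constructed placeholder for the host serving the knowledge base.
ALLOWED_ORIGIN = "https://kb.example.test"


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the session; the edit form embeds it in a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_check(session: dict, request: dict) -> bool:
    """Synchronizer-token check plus an Origin/Referer check for a state-changing POST."""
    if request.get("method") != "POST":
        return False
    expected = session.get("csrf_token")
    supplied = request.get("form", {}).get("_csrf_token", "")
    # Constant-time compare so token mismatch cannot be measured via timing.
    if not expected or not hmac.compare_digest(expected, supplied):
        return False
    headers = request.get("headers", {})
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False  # browsers send Origin on cross-site POSTs; refuse if neither header is present
    got, want = urlparse(origin), urlparse(ALLOWED_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def save_article_unprotected(store: dict, session: dict, request: dict) -> bool:
    """The vulnerable pattern: any POST carrying the victim's session cookie is honoured."""
    form = request["form"]
    store[form["title"]] = form["body"]
    return True


def save_article(store: dict, session: dict, request: dict) -> bool:
    """Hardened pattern: the write only happens when the CSRF check passes."""
    if not csrf_check(session, request):
        return False
    form = request["form"]
    store[form["title"]] = form["body"]
    return True


def render_article(store: dict, title: str) -> str:
    """Escape on output so a stored payload is displayed as text, never parsed as markup."""
    return f"<h1>{html.escape(title)}</h1><div>{html.escape(store[title])}</div>"
```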


Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-06-19T10:03:22.155Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68568e87aded773421b5abbf

Added to database: 6/21/2025, 10:50:47 AM

Last enriched: 6/21/2025, 10:53:08 AM

Last updated: 8/11/2025, 7:44:06 AM
