CVE-2025-60137 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Galaxy Weblinks product, specifically affecting the 'Post Featured Video' functionality. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged request to a web application in which they are currently authenticated. In this case, the vulnerability enables an attacker to perform unauthorized actions related to posting or modifying featured videos without the user's consent. The vulnerability affects versions up to 1.7 of the product, although the exact affected versions are not fully enumerated. The CVSS 3.1 base score is 4.3, indicating a medium severity level. The vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N indicates that the attack can be launched remotely over the network without privileges, requires user interaction (such as clicking a malicious link), and impacts integrity but not confidentiality or availability. The scope remains unchanged, meaning the vulnerability affects only the vulnerable component. No known exploits are reported in the wild yet, and no patches or fixes have been linked at the time of publication. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. This type of vulnerability typically arises due to missing or ineffective anti-CSRF tokens or improper validation of request origins in web applications. Attackers exploiting this flaw could cause users to unknowingly perform actions that alter the state of the application, such as changing featured video content, potentially leading to misinformation, defacement, or unauthorized content promotion.

For European organizations using Galaxy Weblinks with the affected Post Featured Video module, this vulnerability poses a risk primarily to the integrity of their web content. Attackers could manipulate featured video content on websites, potentially damaging brand reputation, misleading users, or promoting malicious or unauthorized media. While confidentiality and availability are not directly impacted, the integrity compromise can lead to loss of user trust and possible legal or compliance issues, especially under regulations like GDPR if user data or consent mechanisms are indirectly affected. Organizations with public-facing websites relying on this module for content management are at higher risk. The attack requires user interaction but no authentication privileges, meaning any visitor to a maliciously crafted page could trigger the exploit if they are also authenticated on the target site. This could be leveraged in targeted phishing campaigns or through malicious third-party sites. Given the medium severity and lack of known exploits, the immediate risk is moderate, but organizations should prioritize mitigation to prevent potential exploitation as awareness grows.

To mitigate this CSRF vulnerability, organizations should implement or verify the presence of robust anti-CSRF protections in the Galaxy Weblinks Post Featured Video module. This includes ensuring that all state-changing requests require a unique, unpredictable anti-CSRF token that is validated server-side. Additionally, implementing the SameSite cookie attribute (preferably 'Strict' or 'Lax') can reduce the risk of CSRF by restricting cross-origin requests. Organizations should also review and enforce strict Content Security Policy (CSP) headers to limit the execution of unauthorized scripts. Monitoring and logging unusual activity related to featured video postings can help detect exploitation attempts. Since no patch is currently linked, organizations should engage with the vendor for updates or consider temporary workarounds such as disabling the affected functionality if feasible. User education to recognize phishing attempts and suspicious links can reduce the likelihood of user interaction triggering the exploit. Finally, regular security assessments and penetration testing focusing on CSRF and related web vulnerabilities are recommended to ensure comprehensive protection.