CVE-2025-6864: Cross-Site Request Forgery in SeaCMS
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-6864 is a cross-site request forgery (CSRF) vulnerability identified in SeaCMS versions up to 13.2, specifically affecting an unspecified functionality within the /admin_type.php file. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to a web application, potentially causing unintended actions without the user's consent. In this case, the vulnerability can be exploited remotely without requiring any prior authentication or privileges, but it does require user interaction (such as clicking a malicious link or visiting a crafted webpage). The CVSS 4.0 base score is 5.3, indicating a medium severity level. The attack vector is network-based (remote), with low attack complexity and no privileges required. The vulnerability impacts the integrity of the system, as it may allow unauthorized commands or changes to be executed on behalf of the user, but does not affect confidentiality or availability directly. No known exploits are currently observed in the wild, and no patches or mitigations have been explicitly linked in the provided data. The vulnerability disclosure is recent (June 29, 2025), and public exploit code has been made available, increasing the risk of exploitation in the near term. SeaCMS is a content management system, and the affected admin functionality suggests that successful exploitation could lead to unauthorized administrative actions, potentially compromising the website's content or configuration.
Potential Impact
For European organizations using SeaCMS, this vulnerability poses a moderate risk. If exploited, attackers could perform unauthorized administrative actions by leveraging CSRF attacks, potentially leading to website defacement, unauthorized content changes, or configuration manipulation. This could damage organizational reputation, disrupt business operations, and expose sensitive data indirectly through altered content or misconfigurations. Since the vulnerability requires user interaction but no authentication, attackers could target employees or administrators through phishing or social engineering campaigns. Organizations with public-facing websites running vulnerable SeaCMS versions are at risk of targeted or opportunistic attacks. The impact is particularly relevant for sectors relying heavily on web presence and content integrity, such as media, e-commerce, education, and government institutions across Europe. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact and potential for subsequent attacks (e.g., injecting malicious scripts) could escalate the threat.
Mitigation Recommendations
European organizations should prioritize the following mitigations:
1) Upgrade SeaCMS to a version beyond 13.2 once an official patch is released; monitor vendor advisories closely.
2) Implement anti-CSRF tokens in all forms and state-changing requests within the CMS to ensure requests originate from legitimate users.
3) Employ Content Security Policy (CSP) headers to reduce the risk of malicious script execution resulting from CSRF-induced changes.
4) Educate administrators and users about phishing and social engineering risks to reduce the likelihood of user interaction with malicious content.
5) Restrict administrative access by IP whitelisting or VPN usage to limit exposure.
6) Monitor web server logs for unusual POST requests to /admin_type.php or other admin endpoints indicative of CSRF attempts.
7) Use web application firewalls (WAFs) configured to detect and block CSRF attack patterns.
These steps go beyond generic advice by focusing on both immediate risk reduction and long-term secure development practices.
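The log-monitoring step above can be turned into a concrete check. The following is an added example (not from the advisory or from SeaCMS) that scans combined-format web server log lines for state-changing requests to /admin_type.php whose Referer is missing or points at a foreign origin, which is the usual trace a CSRF-triggered request leaves. The log lines and the site origin `https://cms.example.org` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format:
# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Admin endpoints worth watching; /admin_type.php is the one named in CVE-2025-6864.
ADMIN_PATHS = ("/admin_type.php",)


def origin_of(url):
    """Return scheme://host[:port] of a URL in lower case, or None if absent."""
    if not url or url == "-":
        return None
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def flag_csrf_candidates(lines, site_origin):
    """Return (ip, path, referer, reason) for POST/PUT/DELETE requests to admin
    endpoints whose Referer is missing or from another origin. A missing Referer
    is a weaker signal (Referrer-Policy can strip it), so it is reported separately."""
    site_origin = site_origin.lower()
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT", "DELETE"):
            continue
        path = m["path"].split("?", 1)[0]
        if path not in ADMIN_PATHS:
            continue
        ref_origin = origin_of(m["referer"])
        if ref_origin is None:
            hits.append((m["ip"], path, m["referer"], "no referer"))
        elif ref_origin != site_origin:
            hits.append((m["ip"], path, m["referer"], f"cross-origin referer {ref_origin}"))
    return hits


# Constructed sample log lines: one legitimate admin POST, one with a foreign
# Referer, one with no Referer, and a GET that the heuristic ignores.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jun/2025:16:09:23 +0000] "POST /admin_type.php HTTP/1.1" 302 0 "https://cms.example.org/admin_type.php" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Jun/2025:16:10:01 +0000] "POST /admin_type.php?action=add HTTP/1.1" 302 0 "https://evil.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jun/2025:16:11:45 +0000] "POST /admin_type.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Jun/2025:16:12:10 +0000] "GET /admin_type.php HTTP/1.1" 200 4096 "https://evil.example.net/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, referer, reason in flag_csrf_candidates(SAMPLE_LOG, "https://cms.example.org"):
        print(f"{ip} {path} referer={referer!r}: {reason}")
```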
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-28T10:51:49.575Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 686165336f40f0eb72846ea0
Added to database: 6/29/2025, 4:09:23 PM
Last enriched: 6/29/2025, 4:24:32 PM
Last updated: 7/13/2025, 3:03:31 PM