CVE-2025-9747 is a Cross-Site Request Forgery (CSRF) vulnerability identified in Koillection versions up to 1.6.18. The vulnerability resides in an unspecified function within the file assets/controllers/csrf_protection_controller.js, which is responsible for handling CSRF protection. The flaw allows an attacker to craft malicious requests that can be executed remotely without requiring authentication or elevated privileges. The vulnerability exploits the application's inadequate CSRF protection mechanism, enabling an attacker to trick authenticated users into submitting unwanted actions on their behalf. The vendor has addressed this issue in version 1.7.0 by switching to a newer, stateless token-based CSRF handling approach, which improves the robustness of the protection against such attacks. The CVSS v4.0 score is 5.3 (medium severity), reflecting that the attack vector is network-based, requires no privileges, no user authentication, but does require user interaction (e.g., clicking a malicious link). The impact on confidentiality is none, integrity is low, and availability is none, indicating that the primary risk is unauthorized actions performed by legitimate users without their consent. No known exploits are currently reported in the wild, but the exploit details have been publicly disclosed, increasing the risk of exploitation if unpatched. This vulnerability is relevant for any organization using Koillection versions 1.6.0 through 1.6.18, especially those exposing the application to external users or integrating it into web-facing services.

For European organizations, the CSRF vulnerability in Koillection could lead to unauthorized actions being performed on behalf of legitimate users, potentially resulting in data manipulation, unauthorized transactions, or configuration changes depending on the application's functionality. While the confidentiality impact is minimal, the integrity of data and operations could be compromised, leading to operational disruptions or reputational damage. Organizations in sectors with strict data protection regulations, such as finance, healthcare, or government, could face compliance issues if such unauthorized actions result in data breaches or service disruptions. The medium severity rating suggests a moderate risk, but the ease of exploitation via social engineering (e.g., phishing emails with malicious links) increases the threat level. Since the vulnerability requires user interaction, user awareness and training also play a role in mitigating risk. The absence of known active exploits currently reduces immediate risk but does not eliminate the threat, especially as exploit code is publicly available. European organizations using affected Koillection versions should prioritize patching to prevent potential exploitation that could impact service integrity and trust.

1. Immediate upgrade to Koillection version 1.7.0 or later, which includes the patched CSRF protection mechanism using stateless tokens. 2. Implement additional CSRF defenses such as SameSite cookie attributes (Strict or Lax) to reduce the risk of CSRF attacks via cross-site requests. 3. Conduct user training and awareness campaigns to educate users about the risks of clicking unsolicited links or visiting untrusted websites while authenticated to critical applications. 4. Employ web application firewalls (WAFs) with rules designed to detect and block suspicious CSRF attack patterns targeting Koillection endpoints. 5. Review and minimize the use of persistent authentication cookies and ensure secure cookie flags (HttpOnly, Secure) are set to reduce session hijacking risks that could compound CSRF attacks. 6. Monitor application logs for unusual or unauthorized actions that could indicate attempted or successful exploitation. 7. For organizations unable to immediately upgrade, consider implementing temporary mitigations such as CSRF token validation at the application level or restricting access to the vulnerable application to trusted networks until patched.