CVE-2025-9747 is a Cross-Site Request Forgery (CSRF) vulnerability identified in Koillection versions up to 1.6.18. The vulnerability resides in an unspecified function within the file assets/controllers/csrf_protection_controller.js, which is responsible for handling CSRF protection. The flaw allows an attacker to craft malicious requests that can be executed remotely without requiring authentication or prior privileges. The vulnerability exploits the application's inadequate CSRF token handling, enabling an attacker to trick an authenticated user into submitting unauthorized requests to the application. This can result in unauthorized state-changing actions being performed on behalf of the user. The vendor has addressed this issue in version 1.7.0 by switching to a newer, stateless token-based CSRF protection mechanism, which improves the robustness of the defense against such attacks. The CVSS 4.0 base score is 5.3 (medium severity), reflecting that the attack vector is network-based, requires no privileges, no user authentication, but does require user interaction (e.g., clicking a malicious link). The impact on confidentiality is none, integrity impact is low, and availability impact is none. No known exploits are currently in the wild, but the exploit details have been publicly disclosed, increasing the risk of exploitation. The vulnerability affects all versions from 1.6.0 through 1.6.18 inclusive.

For European organizations using Koillection versions up to 1.6.18, this vulnerability poses a risk of unauthorized actions being performed on their web applications without their consent. While the confidentiality and availability impacts are negligible, the integrity of user actions and application state can be compromised. This could lead to unauthorized changes such as data manipulation, configuration changes, or other state-altering operations depending on the application's functionality. Organizations handling sensitive or critical workflows through Koillection could face operational disruptions or reputational damage if attackers exploit this vulnerability. Given that the exploit requires user interaction, phishing or social engineering campaigns could be used to trigger the attack. The medium severity rating indicates a moderate risk, but the public disclosure of the exploit code increases the urgency for remediation. European organizations with public-facing Koillection deployments or those integrated into critical business processes should prioritize patching to prevent potential abuse.

1. Immediate upgrade to Koillection version 1.7.0 or later, which implements a stateless token-based CSRF protection mechanism, is the most effective mitigation. 2. If immediate upgrade is not feasible, implement additional CSRF protections at the web server or application firewall level, such as validating the Origin and Referer headers to block suspicious cross-origin requests. 3. Employ Content Security Policy (CSP) headers to restrict the sources of executable scripts and reduce the risk of malicious script injection that could facilitate CSRF attacks. 4. Educate users and administrators about the risks of phishing and social engineering attacks that could trigger CSRF exploits, emphasizing cautious behavior with unsolicited links. 5. Monitor web application logs for unusual or unauthorized state-changing requests that could indicate exploitation attempts. 6. Consider implementing multi-factor authentication and additional user verification steps for sensitive operations within Koillection to reduce the impact of CSRF attacks.