{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T13:52:15.239","vulnerabilities":[{"cve":{"id":"CVE-2025-25967","sourceIdentifier":"cve@mitre.org","published":"2025-03-03T19:15:35.400","lastModified":"2025-03-06T12:25:50.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests."},{"lang":"es","value":"La versión 10.1.1 de Acora CMS es vulnerable a Cross-Site Request Forgery (CSRF). Esta falla permite a los atacantes engañar a los usuarios autenticados para que realicen acciones no autorizadas, como la eliminación de cuentas o la creación de usuarios, mediante la incorporación de solicitudes maliciosas en contenido externo. La falta de protección CSRF permite la explotación mediante solicitudes manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ddsn:acora_cms:10.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FEA57E21-C43F-4273-A2B2-6DE0D9991F97"}]}]}],"references":[{"url":"https://github.com/padayali-JD/CVE-2025-25967","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}