{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:47:36.455","vulnerabilities":[{"cve":{"id":"CVE-2025-6001","sourceIdentifier":"cves@blacklanternsecurity.com","published":"2025-06-11T17:15:43.107","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la función de carga de imágenes de productos de VirtueMart que omite el token de protección CSRF. Un atacante puede manipular una solicitud CSRF especial que permite la carga sin restricciones de archivos en el administrador de medios de VirtueMart."}],"metrics":{"cvssMetricV31":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://blog.blacklanternsecurity.com/p/doomla-zero-days","source":"cves@blacklanternsecurity.com"}]}}]}