CVE-2018-25127 MEDIUM

CVE-2018-25127: SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface

Vendor Soca Technology Co., Ltd
Product SOCA Access Control System
Weakness CWE-352 · CSRF
Published December 24, 2025
Last update December 24, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-39603 WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability CVE-2022-1845 WP Post Styling < 1.3.1 - Multiple CSRF CVE-2025-49449 WordPress Interactive Regional Map of Africa plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2023-49844 WordPress WPPerformanceTester Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-47655 WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability