CVE-2018-25133 MEDIUM

CVE-2018-25133: Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface

Vendor Synaccess Networks Inc.

Product netBooter NP-0801DU

Weakness CWE-352 · CSRF

Published December 24, 2025

Last update December 24, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page.

Key dates

02Disclosure timeline

December 24, 2025 CVE published

December 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25133 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-9630 WP SinoType <= 1.0 - Cross-Site Request Forgery CVE-2024-52421 WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability CVE-2023-51407 WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-8481 Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery CVE-2022-44737 WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities