CVE-2025-55744 MEDIUM

CVE-2025-55744: UnoPim vulnerable to CSRF on Product edit feature and creation of other types

Vendor Unopim
Product unopim
Weakness CWE-352 · CSRF
Published August 21, 2025
Last update August 21, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the application's endpoints are vulnerable to cross-site request forgery (CSRF). This vulnerability is fixed in 0.2.1.

Key dates

02 Disclosure timeline

August 21, 2025 CVE published
August 21, 2025 Record updated