CVE-2025-6001 HIGH

CVE-2025-6001: VirtueMart - Cross Site Request Forgery (CSRF)

Vendor Virtuemart

Product VirtueMart

Weakness CWE-352 · CSRF

Published June 11, 2025

Last update June 11, 2025

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

Key dates

02Disclosure timeline

June 11, 2025 CVE published

June 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6001 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-57970 WordPress SALESmanago Plugin <= 3.8.1 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2018-25310 VideoFlow Digital Video Protection DVP 2.10 - Authenticated Remote Code Execution CVE-2025-62120 WordPress OpenHook plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-57977 WordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2025-23797 WordPress WP Options Editor plugin <= 1.1 - CSRF to Privilege Escalation vulnerability