CVE-2025-6865 MEDIUM

CVE-2025-6865: DaiCuo index cross-site request forgery

Vendor N/A
Product DaiCuo
Weakness CWE-352 · CSRF
Published June 29, 2025
Last update June 30, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 29, 2025 CVE published
June 30, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-1343 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'attach_rule' CVE-2025-11886 CTL Arcade Lite <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation CVE-2025-30888 WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2026-4968 SourceCodester Diary App diary.php cross-site request forgery CVE-2023-27424 WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF)