CVE-2025-13177

Published: Nov 14, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Bdtask: Saleserp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bdtask Saleserp	Up to 2025-10-16

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (5)

https://github.com/4m3rr0r/PoCVulDb/issues/1

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.332467

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.332467

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.684819

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/4m3rr0r/PoCVulDb/issues/1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.