CVE-2025-28355

Published: Apr 18, 2025Modified: Jun 20, 2025

4.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.6 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none

Affected (1)

Products: Personal Management System: Personal Management System

Personal Management System

1 product

Personal Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Personal Management System Personal Management System	Version 1.4.65

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (3)

https://github.com/Volmarg/personal-management-system

Source: cve@mitre.org

Product

https://github.com/Volmarg/personal-management-system/issues/149

Source: cve@mitre.org

Issue Tracking

https://github.com/abbisQQ/CVE-2025-28355/tree/main

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.