CVE-2025-29722

Published: Apr 17, 2025Modified: Apr 23, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.

Affected (1)

Products: Yassmittal: Commercify

Yassmittal

1 product

Commercify

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yassmittal Commercify	Version 1.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://github.com/cypherdavy/CVE-2025-29722

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/yassmittal/Commercify

Source: cve@mitre.org

Product

Timeline

No history available yet.