UnoPim vulnerable to CSRF on Product edit feature and creation...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.

Basic Information

ID CVE-2025-55744

Source GitHub_M

Published Aug 21, 2025 at 15:51

Affected Product

Vendor unopim

Product unopim

Version < 0.2.1

Affected Versions unopim unopim < 0.2.1

CWE Classification

CWE-352

References

{
    "lastseen": "",
    "description": "UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.",
    "published": "2025-08-21T15:51:43.126Z",
    "modified": "2025-08-21T15:51:43.126Z",
    "type": "cve",
    "title": "UnoPim vulnerable to CSRF on Product edit feature and creation of other types",
    "source": "GitHub_M",
    "references": "https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw\nhttps://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ",
    "id": "CVE-2025-55744",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "unopim unopim < 0.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "unopim",
    "version": "< 0.2.1",
    "vendor": "unopim",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

UnoPim vulnerable to CSRF on Product edit feature and creation of other types_CVE-2025-55744