← back
CVE-2025-28355

CVE-2025-28355

CVSS 4.7 MEDIUMEPSS 0.2%CWE-352
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/abbisQQ/CVE-2025-28355/tree/mainhttps://github.com/Volmarg/personal-management-systemhttps://github.com/Volmarg/personal-management-system/issues/149