CVE-2025-6001

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://blog.blacklanternsecurity.com/p/doomla-zero-days

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la función de carga de imágenes de productos de VirtueMart que omite el token de protección CSRF. Un atacante puede manipular una solicitud CSRF especial que permite la carga sin restricciones de archivos en el administrador de medios de VirtueMart.

11 Jun 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-11 17:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-6001

Mitre link : CVE-2025-6001

CVE.ORG link : CVE-2025-6001

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.3 /10