Cross-Site Request Forgery Vulnerability in Panilux by Personal Project
CVE-2025-11022

9.6CRITICAL

Key Information:

Vendor: Personal Project
Status: Panilux
Vendor: CVE Published:; 9 December 2025

🔔 Create Personal Project Vulnerability Alert

What is CVE-2025-11022?

A Cross-Site Request Forgery (CSRF) vulnerability has been detected in Panilux, a product from Personal Project, allowing attackers to execute unauthorized commands. This vulnerability specifically impacts versions prior to 0.10.0 of the software, and the vendor has stated they do not claim ownership of the affected product. Organizations using this version should take steps to mitigate the risk associated with this security concern.

Affected Version(s)

Panilux 0

References

https://www.usom.gov.tr/bildirim/tr-25-0433

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Sep 26, 2025

Credit

Ahmet Ümit BAYRAM

JSON