Cross-Site Request Forgery in OpenText Web Site Management Server
CVE-2025-13671

5.9MEDIUM

Key Information:

Vendor: Opentext™
Status: Web Site Management Server
Vendor: CVE Published:; 19 February 2026

What is CVE-2025-13671?

A Cross-Site Request Forgery vulnerability exists in OpenText™ Web Site Management Server that could allow attackers to perform unauthorized actions on behalf of authenticated users. Malicious web pages can leverage this vulnerability to execute actions within the application without the user's consent, potentially altering content or settings without the user's awareness. Users with active sessions are particularly at risk when visiting compromised or untrusted sites.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Web Site Management Server 16.7.0

Web Site Management Server 16.7.1

References

https://support.opentext.com/csm/en?id=ot_kb_unauthentica...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Nov 25, 2025

Credit

Mario Tesoro

JSON

Opentext™