Cross-Site Request Forgery in yzk2356911358 StudentServlet-JSP
CVE-2025-3037

5.3 MEDIUM

Key Information:

Vendor
Yzk2356911358
Status
Studentservlet-jsp
Vendor
CVE Published: 31 March 2025

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

A cross-site request forgery (CSRF) vulnerability has been discovered in yzk2356911358 StudentServlet-JSP. The flaw can be exploited remotely, enabling an attacker to manipulate the application's requests without the user's consent. The product follows a rolling release model, so no version information is available, and users should apply mitigations immediately to protect their installations against unauthorized actions.

Affected Version(s)

StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5

StudentServlet-JSP d4d7a0643f1dae908a4831206f2714b21820f991

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved

Credit

TTTlw1024 (VulDB User)