Cross-Site Request Forgery in misstt123 Oasys 1.0
CVE-2025-3687

4.3MEDIUM

Key Information:

Vendor: misstt123
Status: Oasys
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-3687?

A security issue has been identified in the Oasys 1.0 product developed by misstt123, specifically within the Sticky Notes Handler component. This vulnerability allows an attacker to exploit inconsistencies in the application's request handling, leading to potential unauthorized actions by users without their consent. The nature of this flaw makes it feasible for attackers to launch remote attacks, leveraging the manipulated requests to perform actions on behalf of unsuspecting users. As the product is under continuous delivery, there is a lack of specific version details for both affected and patched releases, underscoring the urgency for users to address this vulnerability promptly.

References

https://github.com/misstt123/oasys/issues/11

https://vuldb.com/?ctiid.304976

https://vuldb.com/?id.304976

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025