What is the CVSS score of CVE-2025-5521?

CVE-2025-5521 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Wukongcrm are affected by CVE-2025-5521?

Organizations using A vulnerability should be aware of moderate risk from CVE-2025-5521, a cross-site request forgery vulnerability rated CVSS 4.3.

Is there a public PoC exploit available for CVE-2025-5521?

Yes, a public proof-of-concept exploit is available for CVE-2025-5521. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-5521?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.

Wukongcrm CVE-2025-5521

EUVD-2025-16779 MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2025-06-03 cna@vuldb.com

CSRF Wukongcrm

4.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.3 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16779

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

PoC Detected

Jun 09, 2025 - 15:12 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 19:15 nvd

MEDIUM 4.3

DescriptionCVE.org

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical ContextAI

Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).

RemediationAI

Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.

CVE-2025-5521 vulnerability details – vuln.today

Back

Wukongcrm CVE-2025-5521

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code