What is the CVSS score of EUVD-2025-16779?

EUVD-2025-16779 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Wukongcrm are affected by EUVD-2025-16779?

Organizations using A vulnerability should be aware of moderate risk from CVE-2025-5521, a cross-site request forgery vulnerability rated CVSS 4.3.

Is there a public PoC exploit available for EUVD-2025-16779?

Yes, a public proof-of-concept exploit is available for EUVD-2025-16779. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-16779?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.

Wukongcrm EUVD-2025-16779

| CVE-2025-5521 MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2025-06-03 cna@vuldb.com

CSRF Wukongcrm

4.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.3 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16779

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

PoC Detected

Jun 09, 2025 - 15:12 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 19:15 nvd

MEDIUM 4.3

DescriptionCVE.org

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical ContextAI

Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).

RemediationAI

Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.

EUVD-2025-16779 vulnerability details – vuln.today

Back

Wukongcrm EUVD-2025-16779

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code