CVE-2025-27910
Published: 10 March 2025
Summary
CVE-2025-27910 is a high-severity CSRF (CWE-352) vulnerability in Tianti Project Tianti. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-23 requires protections for communications session authenticity, directly preventing CSRF attacks by ensuring forged requests to /user/ajax/upd/status are rejected.
SI-10 mandates validation of information inputs, enabling verification of anti-CSRF tokens or origin headers in crafted GET/POST requests to block unauthorized operations.
SI-2 ensures timely identification, reporting, and remediation of flaws like the CSRF vulnerability in tianti v2.3's /user/ajax/upd/status component.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF vulnerability in user management endpoints (/user/ajax/save, /user/ajax/upd/status) enables exploitation of the web application to perform unauthorized add, edit, delete, and restore operations on accounts, including creating administrator accounts, facilitating account manipulation and creation.
NVD Description
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.
Deeper analysisAI
CVE-2025-27910, published on 2025-03-10, is a Cross-Site Request Forgery (CSRF) vulnerability (CWE-352) in tianti version 2.3, specifically affecting the /user/ajax/upd/status component. The issue enables attackers to execute arbitrary operations via a crafted GET or POST request. It carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low complexity, and potential for significant impacts on confidentiality, integrity, and availability.
Exploitation targets authenticated users with low privileges who can be socially engineered into performing an action, such as clicking a malicious link or submitting a forged form that triggers the vulnerable endpoint. An attacker does not need direct access but relies on user interaction to forge requests on the victim's behalf, allowing arbitrary operations that could compromise the victim's account or system resources.
Mitigation details are available in the referenced advisory at https://github.com/xujeff/tianti/issues/39.
Details
- CWE(s)