CVE-2025-23044 — MEDIUM (6.8)

Q: How severe is CVE-2025-23044?

CVE-2025-23044 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-23044?

Check the references section above for vendor advisories and patch information. Affected products include: Pwndoc Project Pwndoc.

Vulnerability Description

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Pwndoc Project	Pwndoc	< 0.9.0

Related Weaknesses (CWE)

CWE-352

References

https://github.com/pwndoc/pwndoc/commit/14acb704891245bf1703ce6296d62112e85aa995Patch
https://github.com/pwndoc/pwndoc/security/advisories/GHSA-9v2v-jxvw-52rqExploitVendor Advisory

FAQ

What is CVE-2025-23044?

CVE-2025-23044 is a vulnerability with a CVSS score of 6.8 (MEDIUM). PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the m...

How severe is CVE-2025-23044?

CVE-2025-23044 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-23044?

Check the references section above for vendor advisories and patch information. Affected products include: Pwndoc Project Pwndoc.