CVE-2025-61547 — MEDIUM (6.8)

Vulnerability Description

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Edubusinesssolutions	Print Shop Pro Webdesk	18.34

Related Weaknesses (CWE)

CWE-352

References

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61547ExploitThird Party Advisory

FAQ

What is CVE-2025-61547?

CVE-2025-61547 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or ...

How severe is CVE-2025-61547?

CVE-2025-61547 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61547?

Check the references section above for vendor advisories and patch information. Affected products include: Edubusinesssolutions Print Shop Pro Webdesk.