CVE-2025-9747 — MEDIUM (4.3)

Q: How severe is CVE-2025-9747?

CVE-2025-9747 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-9747?

Check the references section above for vendor advisories and patch information. Affected products include: Benjaminjonard Koillection.

Vulnerability Description

A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token."

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Benjaminjonard	Koillection	< 1.7.0

Related Weaknesses (CWE)

CWE-862 CWE-352

References

https://github.com/benjaminjonard/koillection/commit/9ab8562d3f1e953da93fed63f9ePatch
https://github.com/benjaminjonard/koillection/issues/1393ExploitIssue TrackingThird Party Advisory
https://github.com/benjaminjonard/koillection/issues/1393#issue-3347724086ExploitIssue TrackingThird Party Advisory
https://github.com/benjaminjonard/koillection/issues/1393#issuecomment-321731007ExploitIssue TrackingThird Party Advisory
https://github.com/benjaminjonard/koillection/releases/tag/1.7.0Release Notes
https://vuldb.com/?ctiid.322047Permissions RequiredVDB Entry
https://vuldb.com/?id.322047Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.640421Third Party AdvisoryVDB Entry
https://github.com/benjaminjonard/koillection/issues/1393ExploitIssue TrackingThird Party Advisory
https://github.com/benjaminjonard/koillection/issues/1393#issue-3347724086ExploitIssue TrackingThird Party Advisory
https://github.com/benjaminjonard/koillection/issues/1393#issuecomment-321731007ExploitIssue TrackingThird Party Advisory

FAQ

What is CVE-2025-9747?

CVE-2025-9747 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request ...

How severe is CVE-2025-9747?

CVE-2025-9747 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-9747?

Check the references section above for vendor advisories and patch information. Affected products include: Benjaminjonard Koillection.