CVE-2025-13871

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication.

CVSS

No CVSS.

References

Link	Resource
https://www.objectplanet.com/opinio/changelog.html

Configurations

No configuration.

History

02 Dec 2025, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-02 10:16

Updated : 2025-12-02 17:16

NVD link : CVE-2025-13871

Mitre link : CVE-2025-13871

CVE.ORG link : CVE-2025-13871

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-13871", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-02T10:16:01.687", "references": [{"url": "https://www.objectplanet.com/opinio/changelog.html", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) in the resource-management feature of \n\nObjectPlanet Opinio 7.26 rev12562\n\n allows\u00a0to upload \nfiles on behalf of the connected users and then access such files without authentication."}], "lastModified": "2025-12-02T17:16:29.163", "sourceIdentifier": "64c5ae8f-7972-4697-86a0-7ada793ac795"}

CVE-2025-13871

JSON object

Attach tags to CVE-2025-13871

Attach tags to `CVE-2025-13871`