Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-6001

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

Published

2025-06-11T17:15:43.107

Last Modified

2025-06-12T16:06:20.180

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

Weaknesses

Type: Secondary
CWE-352

Affected Vendors & Products

References

https://blog.blacklanternsecurity.com/p/doomla-zero-days ([email protected])