CVE-2025-13871

Summary

Cross-Site Request Forgery (CSRF) in the resource-management feature of

ObjectPlanet Opinio 7.26 rev12562

allows to upload files on behalf of the connected users and then access such files without authentication.

Affected Software

VendorProductVersion RangeStatus
ObjectPlanetOpinio7.26 rev12562affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References