CVE-2025-48497

Summary

Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered.

Affected Software

VendorProductVersion RangeStatus
iroha Soft Co., Ltd.iroha Boardversions v0.10.12 and earlieraffected

Weaknesses

  • CWE-352: Cross-site request forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References