CSRF in Objectplanet Opinio

CVE-2025-13871

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then access such files without authentication.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Objectplanet Opinio — versions 7.26 rev12562

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

www.objectplanet.com/opinio/changelog.html (release-notes)