CSRF in Circl Vulnerability-lookup
CVE-2025-42616
Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF toke…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.001 (4.2th percentile)
Affected products
- Circl Vulnerability-lookup — versions 0
Weakness classification (CWE)
References
- a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 (vendor-advisory)