CSRF in CIRCL Vulnerability-lookup

CVE-2025-42616

Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF toke…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (4.2th percentile)
