CSRF in Opensolution Quickcms

CVE-2025-54541

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (7.7th percentile) — read the EPSS interpretation.

Affected products

Opensolution Quickcms — versions 6.8

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cert.pl/posts/2025/08/CVE-2025-54540 (third-party-advisory)
opensolution.org (product)