CVE-2025-3687

A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CVSS v3 4.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/misstt123/oasys/issues/11	Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.304976	Permissions Required VDB Entry
https://vuldb.com/?id.304976	Third Party Advisory VDB Entry
https://vuldb.com/?submit.553429	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:misstt123:oasys:1.0:*:*:*:*:*:*:*

History

25 Jun 2025, 18:52

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad clasificada como problemática en misstt123 oasys 1.0. Este problema afecta a una funcionalidad desconocida del componente Sticky Notes Handler. Esta manipulación provoca Cross-Site Request Forgery. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado. Este producto utiliza una versión continua para garantizar una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas.
References	~~() https://github.com/misstt123/oasys/issues/11 -~~	() https://github.com/misstt123/oasys/issues/11 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://vuldb.com/?ctiid.304976 -~~	() https://vuldb.com/?ctiid.304976 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.304976 -~~	() https://vuldb.com/?id.304976 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.553429 -~~	() https://vuldb.com/?submit.553429 - Third Party Advisory, VDB Entry
First Time		Misstt123 oasys Misstt123
CPE		cpe:2.3:a:misstt123:oasys:1.0:::::::*

16 Apr 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-16 12:15

Updated : 2025-06-25 18:52

NVD link : CVE-2025-3687

Mitre link : CVE-2025-3687

CVE.ORG link : CVE-2025-3687

JSON object : View

Products Affected

misstt123

oasys

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization

{"id": "CVE-2025-3687", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-16T12:15:17.267", "references": [{"url": "https://github.com/misstt123/oasys/issues/11", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.304976", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.304976", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.553429", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en misstt123 oasys 1.0. Este problema afecta a una funcionalidad desconocida del componente Sticky Notes Handler. Esta manipulaci\u00f3n provoca Cross-Site Request Forgery. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto utiliza una versi\u00f3n continua para garantizar una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas."}], "lastModified": "2025-06-25T18:52:43.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:misstt123:oasys:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16D3DCC-787D-4FB0-B1DD-4B8CBA106162"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2025-3687

4.3^/10

5.0^/10

Attach tags to `CVE-2025-3687`