CVE-2025-5033

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK Exploit Issue Tracking
https://vuldb.com/?ctiid.309853 Permissions Required VDB Entry
https://vuldb.com/?id.309853 Third Party Advisory VDB Entry
https://vuldb.com/?submit.580729 Third Party Advisory VDB Entry
https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:teacms_project:teacms:2.0.2:*:*:*:*:*:*:*

History

20 Jun 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad clasificada como problemática en XiaoBingby TeaCMS 2.0.2. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo src/main/java/me/teacms/controller/admin/UserManageController/addUser. La manipulación provoca Cross-Site Request Forgery. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
First Time Teacms Project
Teacms Project teacms
CPE cpe:2.3:a:teacms_project:teacms:2.0.2:*:*:*:*:*:*:*
References () https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK - () https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.309853 - () https://vuldb.com/?ctiid.309853 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.309853 - () https://vuldb.com/?id.309853 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.580729 - () https://vuldb.com/?submit.580729 - Third Party Advisory, VDB Entry

21 May 2025, 19:16

Type Values Removed Values Added
References () https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK - () https://gitee.com/xiaobingby/TeaCMS/issues/IBYRPK -

21 May 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-21 18:15

Updated : 2025-06-20 16:15


NVD link : CVE-2025-5033

Mitre link : CVE-2025-5033

CVE.ORG link : CVE-2025-5033


JSON object : View

Products Affected

teacms_project

  • teacms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization