Platform: wordpress
Component: co-marquage-service-public
Fixed in: 0.5.78
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Co-marquage service-public.fr, a component used for co-branding on the service-public.fr platform. This vulnerability allows an attacker to execute unauthorized actions on behalf of an authenticated user. The vulnerability affects versions from 0.0.0 up to and including 0.5.77. A patch is expected to be released to address this issue.
The CSRF vulnerability in Co-marquage service-public.fr allows an attacker to trick a logged-in user into performing actions they did not intend to. This could involve modifying user settings, creating new content, or performing other actions that the user has permission to do. The impact is amplified if the user has administrative privileges, as an attacker could potentially gain control of the entire service. Successful exploitation could lead to data breaches, unauthorized modifications, and disruption of service.
The vulnerability was publicly disclosed on 2025-12-31. No public proof-of-concept (POC) code has been released at the time of writing. The vulnerability's impact is considered medium due to the potential for unauthorized actions, but the lack of public exploits suggests a lower probability of immediate exploitation. It is not currently listed on the CISA KEV catalog.
Organizations and users relying on the Co-marquage service-public.fr component for co-branding on the service-public.fr platform are at risk. This includes website administrators and users who interact with the service, particularly those with elevated privileges.
• wordpress / composer / npm:
grep -r "emendo_seb/co-marquage-service-public" /var/www/html
wp plugin list | grep co-marquage-service-public
• generic web:
curl -I https://service-public.fr/co-marquage | grep -i 'co-marquage'
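To triage several installs at once, the installed plugin version can be compared against the range given in this advisory (affected up to 0.5.77, fixed in 0.5.78). This is an added example, not part of the original advisory or the plugin's code; it assumes WP-CLI is installed and that the WordPress root directories are passed as arguments by the operator.

```sh
#!/bin/sh
# Added example (not from the advisory or the plugin).
# Usage: sh check-comarquage.sh /var/www/site1 /var/www/site2
PLUGIN="co-marquage-service-public"   # plugin slug from the advisory
FIXED="0.5.78"                        # first fixed version per the advisory

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        pa=${va%%.*}; pb=${vb%%.*}
        # Drop the consumed component; an exhausted side becomes empty.
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        pa=${pa:-0}; pb=${pb:-0}      # a missing component counts as 0
        [ "$pa" -lt "$pb" ] && return 0
        [ "$pa" -gt "$pb" ] && return 1
    done
    return 1                          # equal versions are not "lower"
}

# classify_version V: print affected, patched, or unknown.
classify_version() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # empty or non-numeric tag
    esac
    if version_lt "$1" "$FIXED"; then echo affected; else echo patched; fi
}

# Each argument is a WordPress root (paths are supplied by the operator).
for root in "$@"; do
    ver=$(wp plugin get "$PLUGIN" --field=version --path="$root" 2>/dev/null) || ver=
    if [ -z "$ver" ]; then
        echo "$root: $PLUGIN not installed or WP-CLI unavailable"
    else
        echo "$root: $PLUGIN $ver -> $(classify_version "$ver")"
    fi
done
```

Versions carrying a non-numeric suffix are reported as unknown rather than guessed, so they can be reviewed by hand.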
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2025-62113 is to upgrade to a patched version of Co-marquage service-public.fr. Until a patch is available, consider additional security measures such as strict input validation and output encoding to prevent malicious data from being processed. Employing CSRF tokens on sensitive actions can also provide a temporary layer of protection. Review and strengthen authentication mechanisms to minimize the risk of unauthorized access.
No known patch available. Please review the details of the vulnerability in depth and apply mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-62113 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–0.5.77 of the Co-marquage service-public.fr component, allowing attackers to forge requests.
If you are using Co-marquage service-public.fr versions between 0.0.0 and 0.5.77 (inclusive), you are potentially affected by this vulnerability.
Upgrade to a patched version of Co-marquage service-public.fr as soon as it becomes available. Until then, implement CSRF tokens and input validation.
There are currently no reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the official service-public.fr security advisories for updates and announcements regarding this vulnerability.