Platform
other
Component
t-soft-e-commerce
Fixed in
28112025.0.1
CVE-2025-13296 describes a Cross-Site Request Forgery (CSRF) vulnerability present in Tekrom Technology Inc.'s T-Soft E-Commerce platform. This vulnerability allows attackers to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or data breaches. The vulnerability impacts versions of T-Soft E-Commerce from 0 through 28112025, and a patch is available in version 28112025.0.1.
A successful CSRF attack could allow an attacker to modify user accounts, change product prices, place fraudulent orders, or perform other administrative actions as the victim user. The impact is directly tied to the permissions of the compromised user account. For example, an attacker could leverage this vulnerability to escalate privileges if the victim is an administrator. The blast radius is limited to the scope of the user's access within the e-commerce platform. While CSRF typically requires social engineering to trick a user into clicking a malicious link, automated attacks are possible if the attacker can identify predictable URLs or patterns within the application.
CVE-2025-13296 was publicly disclosed on December 1, 2025. There is no indication of active exploitation or KEV listing at the time of writing. No public proof-of-concept (PoC) code has been released. The CVSS score is 5.4 (MEDIUM), indicating a moderate level of severity.
Exploit Status
EPSS
0.02% (5% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13296 is to upgrade T-Soft E-Commerce to version 28112025.0.1 or later. If an immediate upgrade is not feasible, consider implementing CSRF protection mechanisms such as synchronizer tokens or double-submit cookies. Web Application Firewalls (WAFs) can be configured to detect and block suspicious CSRF requests based on patterns and anomalies. Review and strengthen user input validation to prevent unexpected behavior. Educate users about the risks of clicking on suspicious links and opening untrusted attachments.
Update T-Soft E-Commerce to a version later than 28112025 or apply the patch provided by the vendor. Refer to the vendor's security advisory for detailed instructions on updating or patching. Implement CSRF protection measures in your application.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-13296 is a Cross-Site Request Forgery (CSRF) vulnerability allowing attackers to perform unauthorized actions in T-Soft E-Commerce.
You are affected if you are using T-Soft E-Commerce versions 0 through 28112025.
Upgrade to version 28112025.0.1 or implement CSRF protection mechanisms like synchronizer tokens.
There is currently no evidence of active exploitation.
Refer to the official T-Soft E-Commerce advisory for detailed information and updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.