Platform: wordpress
Component: co-marquage-service-public
Fixed in: 0.5.78
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Co-marquage service-public.fr, a component used for co-branding on the service-public.fr platform. This vulnerability allows an attacker to execute unauthorized actions on behalf of an authenticated user. The vulnerability affects versions from 0.0.0 up to and including 0.5.77. A patch is expected to be released to address this issue.
The CSRF vulnerability in Co-marquage service-public.fr allows an attacker to trick a logged-in user into performing actions they did not intend to. This could involve modifying user settings, creating new content, or performing other actions that the user has permission to do. The impact is amplified if the user has administrative privileges, as an attacker could potentially gain control of the entire service. Successful exploitation could lead to data breaches, unauthorized modifications, and disruption of service.
The vulnerability was publicly disclosed on 2025-12-31. No public proof-of-concept (POC) code has been released at the time of writing. The vulnerability's impact is considered medium due to the potential for unauthorized actions, but the lack of public exploits suggests a lower probability of immediate exploitation. It is not currently listed on the CISA KEV catalog.
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2025-62113 is to upgrade to a patched version of Co-marquage service-public.fr. Until a patch is available, consider additional security measures such as strict input validation and output encoding to prevent malicious data from being processed. Employing CSRF tokens on sensitive actions can also provide a temporary layer of protection. Review and strengthen authentication mechanisms to minimize the risk of unauthorized access.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-62113 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–0.5.77 of the Co-marquage service-public.fr component, allowing attackers to forge requests.
If you are using Co-marquage service-public.fr versions between 0.0.0 and 0.5.77 (inclusive), you are potentially affected by this vulnerability.
Upgrade to a patched version of Co-marquage service-public.fr as soon as it becomes available. Until then, implement CSRF tokens and input validation.
There are currently no reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the official service-public.fr security advisories for updates and announcements regarding this vulnerability.
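To check an installation against the affected range given on this page (versions up to and including 0.5.77, fixed in 0.5.78), the following added example reads the plugin's version header and classifies it. It is not code from the plugin or the advisory; it assumes the plugin directory under wp-content/plugins is named after the component, `co-marquage-service-public`, and that its main PHP file carries a standard `Version:` header.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "co-marquage-service-public"  # component name from the advisory
FIXED_IN = (0, 5, 78)                       # "Fixed in" version from the advisory

# Matches a "Version:" header line preceded only by comment characters.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def parse_version(text):
    """'0.5.77' -> (0, 5, 77); a non-numeric suffix on a part is ignored."""
    parts = []
    for part in text.split("."):
        m = re.match(r"\d+", part)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def installed_version(plugins_dir):
    """Return the plugin's Version header, "unknown", or None if not installed."""
    plugin_dir = Path(plugins_dir) / PLUGIN_SLUG  # assumed directory name
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = HEADER_RE.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return "unknown"


def assess(plugins_dir):
    """Classify an install against the advisory's range (affected below 0.5.78)."""
    version = installed_version(plugins_dir)
    if version is None:
        return "not-installed"
    if version == "unknown":
        return "unknown"  # no readable header: verify by hand
    return "affected" if parse_version(version) < FIXED_IN else "patched"


def make_sample(version):
    """Constructed sample data: a plugins directory with one plugin header."""
    root = Path(tempfile.mkdtemp())
    (root / PLUGIN_SLUG).mkdir()
    (root / PLUGIN_SLUG / "plugin.php").write_text(
        f"<?php\n/**\n * Plugin Name: Constructed sample\n * Version: {version}\n */\n",
        encoding="utf-8")
    return root
```

Point `assess()` at a site's `wp-content/plugins` directory; `make_sample()` only builds constructed test data.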