Plateforme
other
Composant
t-soft-e-commerce
Corrigé dans
28112025.0.1
CVE-2025-13296 describes a Cross-Site Request Forgery (CSRF) vulnerability present in Tekrom Technology Inc.'s T-Soft E-Commerce platform. This vulnerability allows attackers to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or data breaches. The vulnerability impacts versions of T-Soft E-Commerce from 0 through 28112025, and a patch is available in version 28112025.0.1.
A successful CSRF attack could allow an attacker to modify user accounts, change product prices, place fraudulent orders, or perform other administrative actions as the victim user. The impact is directly tied to the permissions of the compromised user account. For example, an attacker could leverage this vulnerability to escalate privileges if the victim is an administrator. The blast radius is limited to the scope of the user's access within the e-commerce platform. While CSRF typically requires social engineering to trick a user into clicking a malicious link, automated attacks are possible if the attacker can identify predictable URLs or patterns within the application.
CVE-2025-13296 was publicly disclosed on December 1, 2025. There is no indication of active exploitation or KEV listing at the time of writing. No public proof-of-concept (PoC) code has been released. The CVSS score is 5.4 (MEDIUM), indicating a moderate level of severity.
Organizations using T-Soft E-Commerce for their online storefronts are at risk, particularly those running vulnerable versions (0–28112025). Shared hosting environments where multiple customers share the same T-Soft E-Commerce instance are also at increased risk, as a compromise of one customer could potentially impact others.
disclosure
Statut de l'Exploit
EPSS
0.02% (percentile 5%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-13296 is to upgrade T-Soft E-Commerce to version 28112025.0.1 or later. If an immediate upgrade is not feasible, consider implementing CSRF protection mechanisms such as synchronizer tokens or double-submit cookies. Web Application Firewalls (WAFs) can be configured to detect and block suspicious CSRF requests based on patterns and anomalies. Review and strengthen user input validation to prevent unexpected behavior. Educate users about the risks of clicking on suspicious links and opening untrusted attachments.
Mettez à jour T-Soft E-Commerce à une version ultérieure à 28112025 ou appliquez le correctif fourni par le fournisseur. Consultez l'avis de sécurité du fournisseur pour obtenir des instructions détaillées sur la mise à jour ou l'application du correctif. Implémentez des mesures de protection CSRF dans votre application.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-13296 is a Cross-Site Request Forgery (CSRF) vulnerability allowing attackers to perform unauthorized actions in T-Soft E-Commerce.
You are affected if you are using T-Soft E-Commerce versions 0 through 28112025.
Upgrade to version 28112025.0.1 or implement CSRF protection mechanisms like synchronizer tokens.
There is currently no evidence of active exploitation.
Refer to the official T-Soft E-Commerce advisory for detailed information and updates.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.