Platform
wordpress
Component
simple-link-directory
Fixed in
8.8.4
CVE-2025-67465 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in QuantumCloud Simple Link Directory. This vulnerability allows an attacker to trick a user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the directory. The vulnerability impacts versions from 0.0.0 up to and including 8.8.3, and a patch is available in version 8.8.4.
A successful CSRF attack against Simple Link Directory could allow an attacker to modify directory entries, delete links, or perform other administrative actions as the logged-in user. The impact is directly proportional to the privileges of the user being targeted. For example, an administrator account could be compromised, granting the attacker full control over the directory and potentially the associated website. This could lead to data breaches, website defacement, or denial of service. While CSRF typically requires social engineering to trick a user into clicking a malicious link, automated attacks are also possible.
CVE-2025-67465 was publicly disclosed on December 9, 2025. There is no indication of active exploitation at this time, nor is it listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is currently unavailable, but the nature of CSRF vulnerabilities makes it likely that a PoC will emerge following public disclosure.
Websites utilizing QuantumCloud Simple Link Directory, particularly those with administrative interfaces accessible to a wide range of users, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially impact others.
• wordpress / composer / npm:
grep -r 'simple-link-directory/simple-link-directory' /var/www/html/
• generic web:
curl -I https://your-website.com/simple-link-directory/ | grep -i 'referer'
• wordpress / composer / npm:
wp plugin list | grep simple-link-directory
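The presence checks above only show that the plugin is installed. As an added example (not from the advisory or from QuantumCloud), the script below also reads each install's `Version:` plugin header and compares it with the fixed release 8.8.4. The `wp-content/plugins/<slug>` layout and the function names are assumptions.

```sh
#!/bin/sh
# Added example: flag Simple Link Directory installs older than the fixed release.
FIXED_VERSION="8.8.4"            # "Fixed in" value from this advisory
PLUGIN_SLUG="simple-link-directory"

# version_lt A B: succeed when dotted numeric version A is strictly lower than B.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1   # equal versions are not "lower"
  }'
}

# plugin_version DIR: print the "Version:" header from DIR's top-level PHP files.
# The main file name is not assumed; every top-level PHP file is scanned.
plugin_version() {
  cat "$1"/*.php 2>/dev/null | tr -d '\r' |
    sed -n -E 's,^[[:space:]*#/]*[Vv]ersion:[[:space:]]*([0-9][0-9.]*).*$,\1,p' |
    head -n 1
}

# audit_webroot ROOT: print one status line per install found below ROOT.
audit_webroot() {
  find "$1" -type d -path "*/wp-content/plugins/$PLUGIN_SLUG" 2>/dev/null |
  while IFS= read -r dir; do
    ver="$(plugin_version "$dir")"
    if [ -z "$ver" ]; then
      echo "UNKNOWN - $dir"
    elif version_lt "$ver" "$FIXED_VERSION"; then
      echo "VULNERABLE $ver $dir"
    else
      echo "OK $ver $dir"
    fi
  done
}

# has_vulnerable ROOT: exit status 0 when at least one install is below the fix.
has_vulnerable() {
  audit_webroot "$1" | grep -q '^VULNERABLE '
}

# Run against a web root when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_webroot "$1"; fi
```

Run it as `sh audit.sh /var/www/html`; an `UNKNOWN` line means the directory exists but no version header could be read, so that install needs a manual check.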
Exploit Status
EPSS
0.02% (6% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-67465 is to upgrade Simple Link Directory to version 8.8.4 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing a Content Security Policy (CSP) to restrict the origins from which the directory can be loaded. Additionally, implement strict input validation and output encoding to prevent malicious scripts from being injected. Web Application Firewalls (WAFs) can be configured with CSRF protection rules to block suspicious requests. After upgrading, verify the fix by attempting to submit a request with a forged origin header and confirming that it is rejected.
Update to version 8.8.4, or a newer patched version
CVE-2025-67465 is a Cross-Site Request Forgery (CSRF) vulnerability affecting QuantumCloud Simple Link Directory versions 0.0.0–8.8.3, allowing attackers to perform unauthorized actions.
You are affected if you are using QuantumCloud Simple Link Directory versions 0.0.0 through 8.8.3. Upgrade to 8.8.4 to mitigate the risk.
Upgrade Simple Link Directory to version 8.8.4 or later. Consider implementing CSP and WAF rules as temporary mitigations.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests potential for future attacks.
Refer to the QuantumCloud security advisory for details and further instructions: [Replace with actual advisory URL when available]