CVE-2021-47723 identifies a cross-site request forgery (XSRF) vulnerability within STVS ProVision versions 5.9.10–5.9.10. This flaw allows malicious actors to execute unauthorized actions, specifically the creation of new administrative users, by leveraging unvalidated HTTP requests. The vulnerability was publicly disclosed on December 9, 2025, and mitigation strategies are advised until a patch is available.
The primary impact of CVE-2021-47723 is the potential for unauthorized administrative account creation. An attacker could craft a malicious website or email containing a forged HTTP request that, when visited by a legitimate administrator, would trigger the creation of a new admin account under the attacker's control. This grants the attacker full administrative privileges within the STVS ProVision system, enabling them to modify configurations, access sensitive data, and potentially compromise the entire environment. The blast radius extends to any data or functionality accessible by an administrator, making this a high-severity concern.
Public information regarding active exploitation of CVE-2021-47723 is currently limited. The vulnerability is not listed on the CISA KEV catalog as of December 9, 2025. The availability of a public proof-of-concept (POC) is unknown, but the XSRF nature of the vulnerability suggests that exploitation is relatively straightforward if a user is tricked into visiting a malicious site.
Organizations utilizing STVS ProVision version 5.9.10–5.9.10 are at risk, particularly those where administrative access is not tightly controlled or where users are susceptible to phishing attacks. Shared hosting environments or deployments with weak security awareness training are especially vulnerable.
EPSS: 0.03% (9th percentile)
Without a specific patch available, mitigation focuses on reducing the attack surface and limiting the potential impact. Validate the origin of all state-changing HTTP requests so that only requests originating from trusted sources are honored. Employ robust session management, such as requiring re-authentication for sensitive operations like creating administrative users. Consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser can load resources, further reducing the risk of forged requests. Regularly review and audit user access controls to identify and remove any unnecessary privileges.
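The defensive checks described above, as an added illustration that is not STVS ProVision code (the product's real endpoints, session model and secret handling are unknown here): a state-changing admin request such as user creation is honored only when its Origin/Referer matches a trusted origin and it carries a valid per-session synchronizer token. Names, the trusted origin and the sample requests are constructed for the example.

```python
import hmac
import hashlib
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed value: the origin of the legitimate admin UI.
TRUSTED_ORIGINS = {"https://provision.example.internal"}


def make_csrf_token(session_id: str, secret: bytes) -> str:
    """Derive a per-session synchronizer token from a server-side secret.
    The token is embedded in the admin form; a third-party site cannot read it."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Return scheme://host from the Origin header, falling back to Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return None
    parts = urlsplit(value)
    return f"{parts.scheme}://{parts.netloc}"


def is_request_allowed(method: str, headers: Dict[str, str], form: Dict[str, str],
                       session_id: str, secret: bytes) -> Tuple[bool, str]:
    """Gate a state-changing request (e.g. 'create admin user') behind two
    independent checks. Returns (allowed, reason) so rejections can be logged."""
    if method.upper() in {"GET", "HEAD", "OPTIONS"}:
        return True, "safe method"
    origin = request_origin(headers)
    if origin not in TRUSTED_ORIGINS:
        # A forged request from a malicious page carries that page's origin.
        return False, f"untrusted origin {origin!r}"
    expected = make_csrf_token(session_id, secret)
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, expected):
        # Origin can be absent or spoofed by odd clients; the token is the backstop.
        return False, "missing or invalid csrf token"
    return True, "ok"
```

Log the returned reason on every rejection: a burst of "untrusted origin" rejections against the user-creation endpoint is exactly the signal a detection rule for this class of attack would key on.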
Upgrade STVS ProVision to a fixed version to mitigate the cross-site request forgery (CSRF) vulnerability. Refer to vendor documentation or support channels for information on available updates and installation instructions.
CVE-2021-47723 is a cross-site request forgery (XSRF) vulnerability affecting STVS ProVision versions 5.9.10–5.9.10, allowing attackers to perform actions as administrators.
If you are running STVS ProVision version 5.9.10–5.9.10, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
Upgrade to a patched version of STVS ProVision when available. Until then, implement mitigation strategies like input validation and robust session management.
Currently, there is no confirmed public information about active exploitation of CVE-2021-47723, but the vulnerability's nature suggests potential for exploitation.
Refer to the official STVS ProVision website or security advisories for updates and information regarding CVE-2021-47723.