High
CVSS 7.5
Overview
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
CVE-2025-22963
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 7.5 (HIGH)
- Detected tags: csrf (tag impact: MODERATE)
Recommended actions:
- CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.