{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13790","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-11-29T20:33:29.818Z","datePublished":"2025-11-30T14:32:06.199Z","dateUpdated":"2026-02-24T06:38:24.040Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T06:38:24.040Z"},"title":"Scada-LTS cross-site request forgery","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-352","lang":"en","description":"Cross-Site Request Forgery"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-862","lang":"en","description":"Missing Authorization"}]}],"affected":[{"vendor":"n/a","product":"Scada-LTS","versions":[{"version":"2.7.8.0","status":"affected"},{"version":"2.7.8.1","status":"affected"}],"cpes":["cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-11-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-11-29T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-12-05T17:32:14.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"sh7err02 (VulDB User)","type":"reporter"},{"lang":"en","value":"VulDB","type":"coordinator"}],"references":[{"url":"https://vuldb.com/?id.333794","name":"VDB-333794 | Scada-LTS cross-site request forgery","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.333794","name":"VDB-333794 | CTI Indicators (IOB, IOC)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.690871","name":"Submit #690871 | SCADA-LTS Project  Scada-LTS <=1cfaed4b35117e4871bc3dfeae073f61d8e3bb3d Cross-Site Request Forgery (CSRF)","tags":["third-party-advisory"]},{"url":"https://github.com/Xzzz111/exps/blob/main/archives/Scada-LTS-CSRF-1/report.md","tags":["broken-link"]},{"url":"https://github.com/Xzzz111/exps/blob/main/archives/Scada-LTS-CSRF-1/report.md#proof-of-concept","tags":["broken-link","exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-01T15:45:19.134879Z","id":"CVE-2025-13790","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-01T15:46:04.184Z"}}]}}