{"id":"CVE-2025-65573","details":"Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status.","modified":"2026-04-10T05:34:06.349009Z","published":"2025-12-09T19:15:49.657Z","references":[{"type":"WEB","url":"https://github.com/AllskyTeam/allsky/blob/master/html/includes/dashboard_LAN.php"},{"type":"WEB","url":"https://github.com/AllskyTeam/allsky/blob/master/html/includes/dashboard_WLAN.php"},{"type":"WEB","url":"https://github.com/AllskyTeam/allsky/blob/master/html/includes/functions.php"},{"type":"PACKAGE","url":"https://github.com/AllskyTeam/allsky"},{"type":"EVIDENCE","url":"https://gh0stmezh.wordpress.com/2025/12/05/cve-2025-65573/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/AllskyTeam/allsky","events":[{"introduced":"0"},{"last_affected":"171b15cac1eb5ec972fea85e596ab8e2b74e2ba1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2024.12.06_06"}]}}],"versions":["V0.2","V0.4","v0.5","v0.6","v0.7","v2022.03.01","v2023.05.01","v2023.05.01_03","v2023.05.01_04","v2023.05.01_05","v2024.12.06","v2024.12.06_01","v2024.12.06_02","v2024.12.06_03","v2024.12.06_04","v2024.12.06_05","v2024.12.06_06"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65573.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}