CNNVD-202506-3694 Information

CNNVD ID

CNNVD-202506-3694

Related CVE

CVE-2025-24289

• CNNVD Published: 2025-06-29

Description (Chinese)

Ubiquiti UCRM Client Signup Plugin是美国优比快（Ubiquiti）公司的一个插件，用于实现客户注册功能并与UCRM系统集成。 Ubiquiti UCRM Client Signup Plugin 1.3.4及之前版本存在安全漏洞，该漏洞源于容易受到跨站请求伪造攻击，可能导致权限提升。

Description (English)

Ubiquiti UCRM Clarent Signup Plugin is a plugin for Ubiquiti to achieve customer registration and integration with the UCRM system. Ubiquiti UCRM Clit Signup Plugin 1.3.4 and previous versions have a security loophole, which stems from the vulnerability of cross-site requests to forge attacks, which may lead to increased authority.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

优比快

Published

2025-06-29

Last Modified

2026-02-24

References

https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d https://access.redhat.com/security/cve/cve-2025-24289

Patch

https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d