CVE-2025-13177

low-risk
Published 2025-11-14

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Saleserp

Affected Vendors

Bdtask

References (5)

Exploit https://github.com/4m3rr0r/PoCVulDb/issues/1
Permissions Required https://vuldb.com/?ctiid.332467
Third Party Advisory https://vuldb.com/?id.332467
Third Party Advisory https://vuldb.com/?submit.684819
Exploit https://github.com/4m3rr0r/PoCVulDb/issues/1
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal