CVE-2025-59428 | EspoCRM up to 9.1.8 Article api/v1/User body cross-site request forgery

A vulnerability was found in EspoCRM up to 9.1.8. It has been classified as problematic. This issue affects some unknown processing of the file api/v1/User of the component Article Handler. The manipulation of the argument body leads to cross-site request forgery.

This vulnerability is uniquely identified as CVE-2025-59428. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More