{"id":"CVE-2025-22963","details":"Teedy through 1.11 allows cross-site request forgery (CSRF) via POST /api/user/admin, leading to account takeover.","modified":"2025-11-16T15:12:43.632056Z","published":"2025-01-13T16:15:19.367Z","references":[{"type":"ADVISORY","url":"https://github.com/samplev45/CVE-2025-22963"},{"type":"ADVISORY","url":"https://github.com/sismics/docs/releases/tag/v1.11"},{"type":"PACKAGE","url":"https://github.com/sota70/teedy-v1.11-csrf"},{"type":"ARTICLE","url":"https://blog.teedy.io/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sismics/docs","events":[{"introduced":"0"},{"fixed":"59597e962d6b2929d3ec81269e3056e9b54f1a2e"}]}],"versions":["v1.0","v1.1","v1.10","v1.2","v1.3","v1.4","v1.5","v1.6","v1.7","v1.8","v1.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22963.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}