CVE-2025-6001 – VirtueMart CSRF File Upload Bypass

CVE ID : CVE-2025-6001

Published : June 11, 2025, 5:15 p.m. | 1 hour, 43 minutes ago

Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…