Home

Description

Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0.

PUBLISHED Reserved 2025-06-19 | Published 2025-07-02 | Updated 2025-07-02 | Assigner Fluid Attacks




HIGH: 8.5CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

2.3.0 (custom)
affected

References

fluidattacks.com/advisories/tort exploit

fluidattacks.com/advisories/tort third-party-advisory

github.com/mohaiminur/laundry product

cve.org (CVE-2025-52841)

nvd.nist.gov (CVE-2025-52841)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.