🔐 CVE Alert

CVE-2025-11022

CRITICAL 9.6

CSRF in Panilux

CVSS Score: 9.6
EPSS Score: 0.0%
EPSS Percentile: 11th

A Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross-Site Request Forgery. This CSRF vulnerability results in Command Injection. This issue affects Panilux before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownership of the mentioned product.

CWE: CWE-352
Vendor: personal project
Product: panilux
Published: Dec 9, 2025
Last Updated: Jun 5, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Personal Project / Panilux
0 < v.0.10.0

References

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-25-0433
siberguvenlik.gov.tr: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0433

Credits

Ahmet Ümit BAYRAM