Impact
The vulnerability in UBB.threads is a classic Cross‑Site Request Forgery (CSRF) flaw (CWE-352) arising from the absence of protective mechanisms. An attacker can lure a logged‑in user into executing an action without the user’s intent, leading to unauthorized changes or actions executed with the victim’s privileges.
Affected Systems
The flaw has been confirmed in UBB Systems’ UBB.threads version 7.7.5, and it may also be present in other, earlier or later releases.
Risk and Exploitability
The CVSS score of 8.6 classifies this as high severity. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack path requires an attacker to persuade a legitimate user to access a crafted link or submit a malicious request, which then triggers an action on the target system under the user’s authenticated session. Without remedial code, affected deployments are vulnerable to potentially arbitrary operations performed in the users’ names.
OpenCVE Enrichment