CVE-2025-60645 Blast Radius

MEDIUM • CVSS 6.5A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.

Is Your Infrastructure Using These Packages?

EchelonGraph automatically scans your cloud infrastructure and SBOMs to map your exposure to vulnerabilities like CVE-2025-60645.

Start Free Scan →← Back to CVE-2025-60645