RomM 4.4.0 - Critical XSS/CSRF Vulnerability Discovered
Significant risk β action recommended within 24-48 hours
Basically, a flaw in RomM lets attackers change admin passwords if they trick users into clicking a link.
A critical vulnerability in RomM 4.4.0 allows attackers to take over admin accounts via XSS and CSRF. Users must update to version 4.4.1 to avoid risks. Stay safe!
The Flaw
RomM version 4.4.0 has a critical vulnerability identified as CVE-2025-65027. This flaw combines Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), enabling attackers to take over admin accounts. The vulnerability arises from the ability to upload malicious files and reuse CSRF tokens, bypassing SameSite cookie protections.
What's at Risk
The vulnerability primarily affects users of RomM who have an authenticated account, even with a viewer role. If exploited, an attacker can change the password of an admin account, leading to unauthorized access and control over the application.
Patch Status
The vendor has released an update, RomM version 4.4.1, which addresses this vulnerability. Users are strongly advised to upgrade to this version to secure their accounts against potential exploits.
Immediate Actions
To protect yourself from this vulnerability, follow these steps:
- Update to RomM version 4.4.1 immediately.
- Monitor your account for any unauthorized changes.
- Educate users about the risks of clicking on unknown links, especially those that could lead to malicious file uploads.
Technical Details
The exploit requires the attacker to have an authenticated account on RomM. They can upload a malicious HTML file as their profile avatar, which contains a script that changes the admin's password when the link is accessed. Hereβs a brief overview of how the attack works:
- The attacker logs in and obtains their CSRF token.
- They upload a crafted HTML file that executes a password change upon being opened by an admin user.
- If successful, the attacker can gain full control over the admin account.
Conclusion
This vulnerability underscores the importance of keeping software up to date and being cautious with file uploads and links. Users of RomM should act quickly to mitigate the risks associated with this critical flaw.
π How to Check If You're Affected
- 1.Check for any unauthorized changes to admin accounts.
- 2.Review logs for suspicious file uploads.
- 3.Ensure all users are on the latest version of RomM.
πΊοΈ MITRE ATT&CK Techniques
π Pro insight: This vulnerability exemplifies the risks of inadequate CSRF protections in web applications, necessitating robust security practices.