CVE-2025-4661012.05.2025, 15:16ARTEC EMA Mail 6.92 allows CSRF.CSRFEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.8 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HmitreCNA------CISA-ADPADP8.8 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 3%Common Weakness EnumerationCWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Referenceshttps://www.artec-it.com/en-us/ema.htmlhttps://www.syss.de/pentest-blog/csrf-und-xss-schwachstelle-in-ema-mail-von-artec-it-solutions-syss-2025-020/-021