{"id":64814,"date":"2025-08-29T01:51:07","date_gmt":"2025-08-29T01:51:07","guid":{"rendered":""},"modified":"2025-09-10T18:12:37","modified_gmt":"2025-09-11T00:12:37","slug":"cve-2025-50902-cross-site-request-forgery-vulnerability-in-old-peanut-open-shop","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-50902-cross-site-request-forgery-vulnerability-in-old-peanut-open-shop\/","title":{"rendered":"CVE-2025-50902: Cross Site Request Forgery Vulnerability in old-peanut Open-Shop<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-50902 vulnerability is a severe Cross-Site Request Forgery (CSRF) flaw found in the old-peanut Open-Shop, known also as old-peanut\/wechat_applet__open_source, up to version 1.0.0. CSRF vulnerabilities allow attackers to manipulate victims into performing actions they do not intend to do, potentially leading to data leakage or system compromise. This vulnerability is of particular concern to businesses and individuals using this software for their e-commerce activities, as it could lead to unauthorized access and manipulation of sensitive data<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-50902
\nSeverity: High (8.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n