Published
2025-08-06 12:00
The handling of Contact profile images is vulnerable to cross-site request forgery (CSRF).
Security Risk
Moderately Critical
Vulnerability
Cross Site Request Forgery
Affected Versions
CiviCRM 6.4.0 and earlier
Fixed Versions
CiviCRM versions 6.4.1, 6.5.0, and 5.81.4 (ESR)
Solutions
Upgrade to a fixed version of CiviCRM
Credits
Dave D
Coleman Watts (CiviCRM)
Seamus Lee (JMA Consulting)
Tim Otten (CiviCRM)
References
security/core!195
