CVE-2025-7133
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codeastro | online_movie_ticket_booking_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7133 is a Cross-Site Request Forgery (CSRF) vulnerability in version 1.0 of the CodeAstro Online Movie Ticket Booking System. It allows an attacker to trick an authenticated user into submitting malicious requests without their consent, such as covertly searching records or performing other unauthorized actions. This happens because the system does not properly verify whether a request was intentionally made by the user. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to perform unauthorized actions on your behalf within the online movie ticket booking system without your knowledge or consent. For example, attackers could initiate unintended operations like unauthorized ticket purchases or data searches, compromising the integrity of your interactions with the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring for unauthorized or unexpected POST requests to the Login Page of the CodeAstro Online Movie Ticket Booking System version 1.0. Since the vulnerability allows attackers to coerce authenticated users into submitting malicious POST requests, network traffic analysis tools like Wireshark or command-line tools such as tcpdump can be used to capture and inspect HTTP POST requests to the login endpoint. Additionally, reviewing web server logs for unusual POST requests or unexpected actions triggered without user initiation can help detect exploitation attempts. Specific commands might include: 1) tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' to capture HTTP POST traffic; 2) grep 'POST /login' /var/log/apache2/access.log to find POST requests to the login page. However, no explicit detection commands or tools are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected CodeAstro Online Movie Ticket Booking System version 1.0 with an alternative solution, as no known mitigations or countermeasures have been identified. Additionally, implementing standard CSRF protections such as adding anti-CSRF tokens to forms, validating the origin of requests, and enforcing user interaction verification can help prevent exploitation. Restricting or monitoring POST requests to sensitive endpoints and educating users about the risks of interacting with untrusted links may also reduce risk. Since the vulnerability allows remote exploitation without authentication, applying web application firewalls (WAF) rules to detect and block suspicious POST requests could be beneficial until a secure version or patch is available. [2]