CVE-2025-12202
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ajayrandhawa | user-management-php-mysql | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12202 is a Cross-Site Request Forgery (CSRF) vulnerability in the ajayrandhawa User-Management-PHP-MYSQL web application. It occurs because the application does not properly verify whether requests are intentionally made by authenticated users. Attackers can craft malicious requests that, when executed by an authenticated user (such as an administrator), perform unauthorized actions like deleting users or changing user statuses. Exploitation requires the victim to interact with a malicious link or request, and it can be done remotely without authentication. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to perform unauthorized actions on the user management system, such as deleting user accounts or changing user statuses without permission. Since these actions can be triggered remotely when an authenticated administrator interacts with a malicious link, it threatens the integrity of user data and administrative controls. There are no known patches or mitigations, so the risk remains until the product is replaced or secured. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying HTTP GET requests that perform critical operations such as deleting users or changing user statuses without CSRF protection. Monitoring for suspicious GET requests that trigger user management actions when an administrator is logged in can help detect exploitation attempts. Since the vulnerability involves unauthorized requests being sent to the web application, you can use network monitoring tools or web server logs to look for unusual or unexpected GET requests to user management endpoints. Specific commands are not provided in the resources, but general approaches include using tools like curl or browser developer tools to inspect requests, or using intrusion detection systems to flag suspicious GET requests that modify user data. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable product with an alternative that implements proper CSRF protections, as no patches or vendor mitigations currently exist. Additionally, restricting access to the user management interface to trusted networks or users, and educating administrators to avoid clicking on suspicious links can reduce risk. Implementing web application firewall (WAF) rules to block suspicious GET requests that perform state-changing operations may also help. Ultimately, since the vendor has not provided any fix, migration to a secure alternative is recommended. [1, 2]