CVE-2025-63711
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-11-17
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lerouxyxchire | client_database_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the SourceCodester Client Database Management System 1.0. It allows an attacker to trick an authenticated administrative user into unknowingly performing user deletion actions. The user deletion endpoint accepts POST requests with a user_id parameter but lacks protections like anti-CSRF tokens or proper authentication checks. As a result, a malicious webpage can cause an admin to delete user accounts without their consent.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized deletion of user accounts by an attacker without the administrator's consent. This can disrupt service, cause data loss, and potentially impact the integrity and availability of the system's user data.