CVE-2025-63716
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-17
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rems | leads_manager_tool | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the SourceCodester Leads Manager Tool v1.0. It means that the application does not have protections like anti-CSRF tokens or same-origin checks, allowing attackers to trick authenticated users into performing unauthorized actions without their consent.
How can this vulnerability impact me?
The vulnerability can allow attackers to perform unauthorized state-changing operations on behalf of legitimate users. This could lead to unwanted changes in data or application state, potentially compromising the integrity and security of the system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, implement CSRF protection mechanisms such as adding anti-CSRF tokens to critical endpoints and enforcing same-origin verification to prevent unauthorized state-changing operations.
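As an added illustration of the mitigation described above (example code, not code from BaseFortify or from the Leads Manager Tool project), the following Python shows the two controls together: a session-bound anti-CSRF token issued and verified with an HMAC, and an Origin/Referer same-origin check applied before any state-changing request is honoured. SITE_ORIGIN, SERVER_SECRET, the session id and the header/form dictionaries are assumed placeholders.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed placeholders: the application's own origin and a server-side key.
SITE_ORIGIN = "https://leads.example"            # assumed origin of the app
SERVER_SECRET = b"constructed-secret-rotate-me"  # assumed key, kept server-side


def issue_csrf_token(session_id: str) -> str:
    """Return a token bound to the session: nonce + HMAC(secret, session:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not token or token.count(".") != 1:
        return False  # malformed or missing token
    nonce, mac = token.split(".")
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def same_origin(headers: dict) -> bool:
    """Accept only when Origin (or, failing that, Referer) matches SITE_ORIGIN.
    A request carrying neither header is rejected for state-changing routes;
    an Origin of "null" also fails, since it never equals a real origin."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    origin = h.get("origin")
    if origin is None:
        referer = h.get("referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def allow_state_change(session_id: str, headers: dict, form: dict) -> bool:
    """Gate for POST handlers (e.g. add/edit/delete lead): both checks must pass."""
    return same_origin(headers) and verify_csrf_token(session_id, form.get("csrf_token", ""))
```

The token must be embedded in each form (or sent as a request header) and checked on every state-changing endpoint; a cross-site page cannot read it, and the origin check rejects forged requests even when a token leaks.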