CVE-2018-25127
Unknown Unknown - Not Provided
CSRF in SOCA Access Control Allows Unauthorized Admin Creation

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25127
EUVD
EUVD-2025-205353
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
soca access_control_system 4.0
soca_technology_co.,_ltd soca_access_control_system *
apache http_server 2.2.22
php php 5.4.13
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in the SOCA Access Control System versions 180612, 170000, and 141007. It allows attackers to perform administrative actions without proper request validation by tricking logged-in users into visiting malicious websites. When a user visits such a site, the attacker can submit forged HTTP requests that the system accepts as legitimate, enabling actions like creating new admin accounts without authorization. [1, 2]

Impact Analysis

The vulnerability can lead to unauthorized administrative control over the SOCA Access Control System. An attacker can add new admin accounts or perform other privileged actions by exploiting the CSRF flaw, potentially compromising the security of access control devices such as proximity and fingerprint readers, electric locks, and keyless entry systems. This could result in unauthorized physical access and manipulation of security settings. [1, 2]

Detection Guidance

Detection can involve monitoring HTTP requests to the vulnerable endpoint Permission/Insert_Permission.php for unauthorized or suspicious POST requests that attempt to create admin accounts. You can use network traffic analysis tools like Wireshark or tcpdump to capture HTTP traffic and filter for POST requests to this endpoint. Additionally, reviewing web server logs for unexpected POST requests to Permission/Insert_Permission.php with JSON data specifying new admin credentials can help identify exploitation attempts. There is no specific command provided, but commands like 'tcpdump -i <interface> -A -s 0 port 80' or 'grep "POST /Permission/Insert_Permission.php" /var/log/apache2/access.log' can be useful starting points. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable web interface to trusted networks only, implementing CSRF protection mechanisms such as tokens to validate requests, and educating users to avoid visiting untrusted websites while logged into the system. Additionally, monitoring and blocking suspicious POST requests to Permission/Insert_Permission.php can help prevent exploitation. If possible, update or patch the SOCA Access Control System to a version that addresses this vulnerability. [1, 2]

Compliance Impact

This vulnerability allows unauthorized administrative actions through CSRF, potentially leading to unauthorized access and control over sensitive security systems. Such unauthorized access could result in violations of compliance requirements related to data protection and access control mandated by standards like GDPR and HIPAA, as these regulations require strict controls to prevent unauthorized administrative access and protect sensitive data. Therefore, exploitation of this vulnerability could negatively impact compliance with these standards by undermining the integrity and security of access control systems. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart