CVE-2025-67315
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-04-07
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anuj_kumar | employee_leaves_management_system | 2.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Employee Leave Management System version 2.1, specifically in the admin panel's manage-employee.php component. It allows a remote attacker to trick a logged-in administrator into unknowingly sending a forged request that can inactivate an employee account by exploiting the 'inid' parameter. The attack requires the admin to visit a malicious page, which then submits a hidden form to perform the unauthorized action without the admin's consent. [2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized deactivation of employee accounts, potentially disrupting operations, especially if critical or privileged accounts are disabled. It can cause integrity and availability issues within the system, as legitimate employee accounts may be inactivated without authorization. The attack requires only that an admin is logged in and visits a malicious URL, making it relatively easy to exploit and potentially combined with other vulnerabilities for greater impact. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection has two sides. On the wire, intercept traffic to the admin panel with a proxy such as Burp Suite and isolate the request to manageemployee.php that inactivates an employee, i.e. the POST carrying the 'inid' parameter. The endpoint is vulnerable if that request succeeds while carrying nothing an attacker could not reproduce: no per-session anti-CSRF token in the form and no enforcement of the Origin or Referer header. Confirm this by replaying the request from a CSRF Proof of Concept (PoC) HTML page served from a different origin, or with curl, which here sends the admin's session cookie and an Origin header that is not the application's own, but no token: curl -X POST -d "inid=1" -H "Origin: https://attacker.example" -b "session_cookie=your_admin_session_cookie" http://<target>/elms/admin/manageemployee.php . If the response (or the employee list afterwards) shows the record as inactivated, the check is absent. Because this command performs the real state change, run it against a test instance or a throwaway employee record. On the server side, review web-server access logs for requests to manageemployee.php whose Referer is absent or points to a host other than the application itself; the access log does not record the POST body, so 'inid' is only visible there when it travels in the query string. [2]
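The server-side check described above, as an added example that is not part of the original page or of the Employee Leaves Management System itself: a small Python scanner that walks access-log lines in Apache/nginx combined format and flags requests to the manageemployee.php endpoint whose Referer is missing or belongs to a foreign host. The deployment path /elms/, the hostname elms.example.internal, and the four log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions, not taken from the advisory: the application lives under /elms/
# (as in the curl example above), its only legitimate hostname is
# elms.example.internal, and the log is in Apache/nginx "combined" format.
TARGET_PATH = "/elms/admin/manageemployee.php"
TRUSTED_HOSTS = {"elms.example.internal"}

COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: line 1 is a normal admin action, line 2 is the
# forged POST launched from a lure page, line 3 carries inid in the query
# string with no Referer at all, line 4 is unrelated traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jan/2026:10:15:02 +0000] "POST /elms/admin/manageemployee.php HTTP/1.1" 200 512 "https://elms.example.internal/elms/admin/manageemployee.php" "Mozilla/5.0"
203.0.113.5 - - [05/Jan/2026:10:17:44 +0000] "POST /elms/admin/manageemployee.php HTTP/1.1" 200 512 "https://attacker.example/lure.html" "Mozilla/5.0"
203.0.113.9 - - [05/Jan/2026:10:18:10 +0000] "GET /elms/admin/manageemployee.php?inid=7 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Jan/2026:10:19:01 +0000] "GET /elms/admin/dashboard.php HTTP/1.1" 200 2048 "https://elms.example.internal/elms/admin/" "Mozilla/5.0"
"""


def referer_host(referer):
    """Hostname from a logged Referer, or None when it is empty or '-'."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).hostname


def classify(line):
    """Return a finding dict for a suspicious request, or None."""
    m = COMBINED.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != TARGET_PATH:
        return None
    query = parse_qs(url.query)
    inid = query.get("inid", [None])[0]
    # The inactivation request is a POST per the advisory; the body is not
    # logged, so any POST to this path is treated as state-changing whether or
    # not inid is visible. A GET with inid in the query string also counts.
    if m["method"] != "POST" and inid is None:
        return None
    host = referer_host(m["referer"])
    if host in TRUSTED_HOSTS:
        return None  # same-site navigation: ordinary admin use
    # A foreign Referer is a strong signal; a missing one is weaker because
    # some browsers and privacy settings strip it on legitimate navigations.
    confidence = "high" if host else "medium"
    return {
        "ip": m["ip"], "time": m["ts"], "method": m["method"],
        "inid": inid, "referer": m["referer"], "status": m["status"],
        "confidence": confidence,
    }


def scan(lines):
    """All findings for an iterable of log lines, in log order."""
    return [f for f in (classify(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

Only the second and third lines are reported; the first is the same action performed from the application's own page. Tune TRUSTED_HOSTS to every hostname the panel is legitimately reached by, or ordinary use will show up as medium-confidence noise.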
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implementing CSRF tokens in all state-changing requests, embedding a cryptographically random per-session token in each form and comparing it server-side with a constant-time comparison; a missing or mismatched token rejects the request. 2) Setting the session cookie with SameSite=Lax or SameSite=Strict so the browser does not attach it to cross-site requests; note that Lax still sends the cookie on top-level GET navigations, which is why step 3 matters. 3) Ensuring that state-changing operations such as inactivating an employee accept only POST (or PUT/DELETE), never GET. 4) Validating the Origin header, falling back to Referer, on sensitive endpoints, and rejecting requests where neither header is present rather than letting them through. 5) Adding server-side confirmation or re-authentication for sensitive actions and enforcing strict authorization checks so only an authenticated administrator can perform them. Additionally, integrate CSRF testing into regular security assessments and re-test manageemployee.php after applying the fix. [2]
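The handler logic before and after those mitigations, as an added example that is not the project's own PHP and is written in Python only to make the checks runnable here. It models the vulnerable inactivation handler (session cookie plus 'inid' is all that is checked) beside a hardened one that enforces the POST-only rule, the Origin/Referer check and the per-session token, and shows the SameSite cookie attribute. The origin https://elms.example.internal, the cookie name PHPSESSID (the PHP default) and the Request class are assumptions for the example; in a real browser a SameSite cookie would not even be attached to the forged POST, so the model deliberately sends it to show that the other checks stop the request on their own.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumptions, not from the advisory: where the admin panel is served from and
# what the session cookie is called.
TRUSTED_ORIGINS = {"https://elms.example.internal"}
SESSION_COOKIE = "PHPSESSID"

# Stand-in for $_SESSION: session id -> session data.
SESSIONS = {}


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for the example)."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def login_admin():
    """Create an admin session and return its id."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"is_admin": True}
    return sid


def set_cookie_header(sid):
    """Mitigation 2: SameSite keeps the cookie off cross-site POSTs."""
    return f"{SESSION_COOKIE}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def issue_csrf_token(sid):
    """Mitigation 1: random per-session token, rendered as a hidden form field."""
    token = secrets.token_hex(32)
    SESSIONS[sid]["csrf_token"] = token
    return token


def origin_is_trusted(req):
    """Mitigation 4: Origin first, Referer as fallback; neither present means reject."""
    source = req.headers.get("Origin")
    if not source:
        referer = req.headers.get("Referer")
        if not referer:
            return False
        parts = urlsplit(referer)
        source = f"{parts.scheme}://{parts.netloc}"
    return source in TRUSTED_ORIGINS


def _session_for(req):
    return SESSIONS.get(req.cookies.get(SESSION_COOKIE))


def inactivate_vulnerable(req, employees):
    """Before: any request with an admin session cookie and an inid is honoured."""
    sess = _session_for(req)
    if not sess or not sess.get("is_admin"):
        return 302, "redirect to login"
    emp = employees.get(req.form.get("inid"))
    if emp is None:
        return 404, "no such employee"
    emp["status"] = "Inactive"
    return 200, "inactivated"


def inactivate_hardened(req, employees):
    """After: authorization, POST-only, origin check and CSRF token, in that order."""
    sess = _session_for(req)
    if not sess or not sess.get("is_admin"):
        return 302, "redirect to login"
    if req.method != "POST":                       # mitigation 3
        return 405, "method not allowed"
    if not origin_is_trusted(req):                 # mitigation 4
        return 403, "cross-site request rejected"
    expected = sess.get("csrf_token")
    supplied = req.form.get("csrf_token", "")
    # mitigation 1: constant-time compare so the token cannot be guessed byte by byte
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    emp = employees.get(req.form.get("inid"))
    if emp is None:
        return 404, "no such employee"
    emp["status"] = "Inactive"
    return 200, "inactivated"


if __name__ == "__main__":
    sid = login_admin()
    forged = Request("POST", headers={"Origin": "https://attacker.example"},
                     cookies={SESSION_COOKIE: sid}, form={"inid": "1"})
    staff = {"1": {"status": "Active"}}
    print("vulnerable:", inactivate_vulnerable(forged, staff), staff)
    staff = {"1": {"status": "Active"}}
    print("hardened:  ", inactivate_hardened(forged, staff), staff)
```

The forged request is accepted by the vulnerable handler and refused by the hardened one at the origin check; even if the attacker's page could spoof a trusted Origin, it still has no way to read the per-session token, so the token check would refuse it next. Steps 2 and 5 (the cookie attribute and re-authentication) are shown only by set_cookie_header and the is_admin check, since the rest of them lives in the login flow, not in this handler.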
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.