CVE-2019-25313
Status: Awaiting Analysis - Queue
CSRF in FlexNet Publisher 11.12.1 Enables Unauthorized Admin Creation

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Showing 2 associated CPEs

Vendor     Product              Version / Range
revenera   flexnet_publisher    up to 11.12.1 (inclusive)
flexera    flexnet_publisher    11.12.1
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

FlexNet Publisher version 11.12.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to create local administrative user accounts without authentication.

An attacker can craft a malicious HTML form that tricks an authenticated user into submitting a request which creates a new local admin account with a predefined password.

This vulnerability arises due to insufficient CSRF protections in the user creation functionality of FlexNet Publisher 11.12.1.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized creation of local administrative user accounts on the affected system.

An attacker can escalate privileges by adding an admin user without needing authentication or proper authorization.

This could allow attackers to gain control over the system, potentially leading to further malicious activities or compromise.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized creation of local administrative user accounts on FlexNet Publisher 11.12.1 systems. Specifically, detection involves checking for suspicious HTTP POST requests to the /users endpoint that include parameters such as userType=local-admin, userName, firstName, lastName, password2, confirm, and accountType=admin.

Network monitoring tools or web server logs can be inspected for such POST requests that may indicate exploitation attempts.

Suggested commands to detect suspicious activity include:

- Using grep to search web server logs for POST requests to /users with admin creation parameters, e.g., `grep -i 'POST /users' /var/log/apache2/access.log | grep 'userType=local-admin'`
- Checking system user accounts for unexpected new local admin users, e.g., `cat /etc/passwd | grep admin` or `getent passwd | grep admin`
- Monitoring for unusual HTTP traffic with tools like tcpdump or Wireshark filtering for POST requests to the vulnerable endpoint.
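As an added example (not from this record or from the vendor), the log check above carried one step further: a Python triage script walks constructed combined-format access-log lines, keeps every POST to the /users endpoint, and sorts each one by whether its Referer points back at the server's own host (assumed here to be license.example.internal), since a form submitted from another site is the shape a forged cross-site request leaves in the log.

```python
import re
from urllib.parse import parse_qs, urlsplit

# One "combined" access-log line: ip ident user [time] "METHOD PATH PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

SERVER_HOST = "license.example.internal"  # assumption: host name the admin UI is served from

SAMPLE_LOG = """  # constructed sample lines; the last two are the patterns worth a closer look
10.0.0.5 - - [11/Feb/2026:09:14:02 +0000] "GET /users HTTP/1.1" 200 5120 "https://license.example.internal/home" "Mozilla/5.0"
10.0.0.5 - - [11/Feb/2026:09:15:10 +0000] "POST /users HTTP/1.1" 302 0 "https://license.example.internal/users" "Mozilla/5.0"
10.0.0.9 - - [11/Feb/2026:13:02:41 +0000] "POST /users HTTP/1.1" 302 0 "http://lure-site.example/page.html" "Mozilla/5.0"
10.0.0.9 - - [11/Feb/2026:13:02:59 +0000] "POST /users?userType=local-admin&userName=svc_backup HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def triage_user_creations(lines, server_host=SERVER_HOST):
    """One record per POST to /users; 'verdict' says whether the Referer points back at our own host."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["path"])
        if url.path.rstrip("/") != "/users":
            continue
        ref_host = urlsplit(m["referer"]).hostname if m["referer"] != "-" else None
        if ref_host is None:
            verdict = "no-referer"        # browser sent none or it was stripped: origin cannot be vouched for
        elif ref_host.lower() != server_host.lower():
            verdict = "cross-origin"      # form submitted from another site: classic CSRF shape
        else:
            verdict = "same-origin"       # ordinary use of the user-creation form
        records.append({
            "time": m["ts"], "ip": m["ip"], "status": m["status"],
            "referer": m["referer"], "verdict": verdict,
            # The parameter names listed above are only visible here if they were sent in the query string.
            "admin_params": parse_qs(url.query).get("userType") == ["local-admin"],
        })
    return records

def suspicious(records):
    # Everything an analyst should review: cross-origin or referer-less posts, or explicit admin parameters
    return [r for r in records if r["verdict"] != "same-origin" or r["admin_params"]]

if __name__ == "__main__":
    for r in suspicious(triage_user_creations(SAMPLE_LOG.splitlines())):
        print(r["time"], r["ip"], r["verdict"], r["referer"])
```

Standard access logs do not record POST bodies, so body-level matching on userType or accountType needs request-body logging on the web server or the application's own audit log.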


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the FlexNet Publisher web interface to trusted users only and disabling or limiting user account creation functionality if possible.

Implementing CSRF protections such as requiring anti-CSRF tokens on forms that create administrative users can prevent exploitation.

Additionally, monitoring and auditing user account creation events can help detect unauthorized changes early.

If available, applying patches or updates from the vendor that address this vulnerability is strongly recommended.

