CVE-2019-25313
Awaiting Analysis Awaiting Analysis - Queue
CSRF in FlexNet Publisher 11.12.1 Enables Unauthorized Admin Creation

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25313
EUVD
EUVD-2019-19506
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
revenera flexnet_publisher to 11.12.1 (inc)
flexera flexnet_publisher 11.12.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

FlexNet Publisher version 11.12.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to create local administrative user accounts without authentication.

An attacker can craft a malicious HTML form that tricks an authenticated user into submitting a request which creates a new local admin account with a predefined password.

This vulnerability arises due to insufficient CSRF protections in the user creation functionality of FlexNet Publisher 11.12.1.

Impact Analysis

This vulnerability can lead to unauthorized creation of local administrative user accounts on the affected system.

An attacker can escalate privileges by adding an admin user without needing authentication or proper authorization.

This could allow attackers to gain control over the system, potentially leading to further malicious activities or compromise.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized creation of local administrative user accounts on FlexNet Publisher 11.12.1 systems. Specifically, detection involves checking for suspicious HTTP POST requests to the /users endpoint that include parameters such as userType=local-admin, userName, firstName, lastName, password2, confirm, and accountType=admin.'}, {'type': 'paragraph', 'content': 'Network monitoring tools or web server logs can be inspected for such POST requests that may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect suspicious activity include:'}, {'type': 'list_item', 'content': "Using grep to search web server logs for POST requests to /users with admin creation parameters, e.g., `grep -i 'POST /users' /var/log/apache2/access.log | grep 'userType=local-admin'`"}, {'type': 'list_item', 'content': 'Checking system user accounts for unexpected new local admin users, e.g., `cat /etc/passwd | grep admin` or `getent passwd | grep admin`'}, {'type': 'list_item', 'content': 'Monitoring for unusual HTTP traffic with tools like tcpdump or Wireshark filtering for POST requests to the vulnerable endpoint.'}] [3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the FlexNet Publisher web interface to trusted users only and disabling or limiting user account creation functionality if possible.

Implementing CSRF protections such as requiring anti-CSRF tokens on forms that create administrative users can prevent exploitation.

Additionally, monitoring and auditing user account creation events can help detect unauthorized changes early.

If available, applying patches or updates from the vendor that address this vulnerability is strongly recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25313. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart