Vulnerability Description
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpems | Phpems | <= 11.0 |
Related Weaknesses (CWE)
References
- https://byebydoggy.github.io/post/2025/1231-phpems-csrf-poc/ExploitThird Party Advisory
- https://vuldb.com/?ctiid.339325Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.339325Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.728314Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15405?
CVE-2025-15405 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.
How severe is CVE-2025-15405?
CVE-2025-15405 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15405?
Check the references section above for vendor advisories and patch information. Affected products include: Phpems Phpems.