CVE-2025-63711 — HIGH (7.1)

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST requests containing a user_id parameter and does not enforce request origin or anti-CSRF tokens. Because the endpoint lacks proper authentication/authorization checks and CSRF protections, a remote attacker can craft a malicious page that triggers deletion when visited by an authenticated admin, resulting in arbitrary removal of user accounts.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Lerouxyxchire	Client Database Management System	1.0

Related Weaknesses (CWE)

CWE-352

References

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63711/READExploitMitigationThird Party Advisory
https://www.sourcecodester.com/php/17514/client-database-management-system.htmlProduct

FAQ

What is CVE-2025-63711?

CVE-2025-63711 is a vulnerability with a CVSS score of 7.1 (HIGH). A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion ...

How severe is CVE-2025-63711?

CVE-2025-63711 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63711?

Check the references section above for vendor advisories and patch information. Affected products include: Lerouxyxchire Client Database Management System.