CVE-2025-63711

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-63711
A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST requests containing a user_id parameter and does not enforce request origin or anti-CSRF tokens. Because the endpoint lacks proper authentication/authorization checks and CSRF protections, a remote attacker can craft a malicious page that triggers deletion when visited by an authenticated admin, resulting in arbitrary removal of user accounts.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63711/README3.md Exploit Mitigation Third Party Advisory
https://www.sourcecodester.com/php/17514/client-database-management-system.html Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:lerouxyxchire:client_database_management_system:1.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-11-10 15:15

Updated : 2025-11-17 18:16

NVD link : CVE-2025-63711

Mitre link : CVE-2025-63711

CVE.ORG link : CVE-2025-63711

JSON object : View

Products Affected

lerouxyxchire

  • client_database_management_system
CWE
CWE-352

Cross-Site Request Forgery (CSRF)