CVE-2025-15405

Summary

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.

Affected Software

VendorProductVersion RangeStatus
n/aPHPEMS11.0affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery
  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References