Cross-Site Request Forgery in REDCap 14.9.6 by VendoR
CVE-2025-23113
8.8HIGH
What is CVE-2025-23113?
An issue was discovered in REDCap 14.9.6 where an unprotected CSRF vulnerability allows an attacker to exploit the alert-title during CSV file uploads. By sending a specially crafted CSV file containing an HTML injection payload, an attacker can manipulate the victim's session. Upon uploading the malicious CSV, the victim is directed to a page that triggers a logout request or redirects to a phishing site when clicking the alert-title. This vulnerability arises due to the lack of CSRF protections on logout functionality, potentially compromising user sessions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published