Cross-Site Request Forgery in REDCap 14.9.6 by VendoR
CVE-2025-23113
What is CVE-2025-23113?
An issue was discovered in REDCap 14.9.6 in which missing CSRF protection allows an attacker to exploit the alert-title during CSV file uploads. By sending a specially crafted CSV file containing an HTML injection payload, an attacker can manipulate the victim's session. After uploading the malicious CSV, the victim is directed to a page where clicking the alert-title triggers a logout request or redirects to a phishing site. The vulnerability arises from the lack of CSRF protection on the logout functionality, potentially compromising user sessions.
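The two defensive checks this description implies, as an added example that is not REDCap's own code: flag and encode CSV cells that carry markup before they reach the alert-title, and honour a logout only when the request is a POST with the session's anti-CSRF token. The function names, the second CSV column and the sample rows are assumptions constructed for illustration.

```python
import csv
import hmac
import html
import io

import re

# Start of an HTML tag, closing tag, comment or processing instruction.
TAG_RE = re.compile(r"<[a-zA-Z/!?]")

# Constructed sample upload: row 3 carries a link in the alert-title column.
SAMPLE_CSV = (
    "alert-title,alert-message\n"
    "Weekly reminder,Please complete the survey\n"
    '"<a href=""https://example.invalid/"">Weekly reminder</a>",Please complete the survey\n'
)


def find_markup_cells(csv_text):
    """Return (row, column, value) for every cell that contains HTML markup."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            # Decode entities first so &lt;a ...&gt; is caught as well.
            if TAG_RE.search(html.unescape(cell)):
                hits.append((r, c, cell))
    return hits


def render_alert_title(value):
    """Encode a CSV-derived value for an HTML text context before display."""
    return html.escape(value, quote=True)


def logout_allowed(method, session_token, submitted_token):
    """Honour logout only for a POST that carries the session's anti-CSRF token."""
    if method != "POST" or not session_token or not submitted_token:
        return False
    # Constant-time comparison of the stored and submitted tokens.
    return hmac.compare_digest(session_token, submitted_token)


if __name__ == "__main__":
    for row, col, value in find_markup_cells(SAMPLE_CSV):
        print(f"row {row}, column {col}: {render_alert_title(value)}")
    print("GET logout honoured:", logout_allowed("GET", "abc123", "abc123"))
```

With the logout bound to a POST and a token, a link injected into the alert-title can no longer end the session with a plain GET, and the encoded title renders as text rather than as a clickable element.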

Affected Version(s)
REDCap 14.9.6
