Cross-Site Request Forgery in SourceCodester Simple Public Chat Room
CVE-2025-63710

Currently unrated

Key Information:

Vendor
CVE Published: 10 November 2025

What is CVE-2025-63710?

The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is susceptible to Cross-Site Request Forgery (CSRF). The application lacks crucial CSRF protection mechanisms, such as tokens, nonces, or same-site cookie restrictions. This flaw enables an attacker to craft a malicious HTML page that, when accessed by an authenticated user, can trigger an unauthorized POST request to the vulnerable endpoint. As a result, actions can be performed on behalf of the user, including sending unintended messages within any chat room hosted by the application.
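The two missing protections named above (a per-session token and a same-site cookie restriction), sketched in PHP as an added example; this is not SourceCodester's code. The `csrf_token` and `message` field names, the function names and the handler wiring in the comments are assumptions, and the code needs PHP 7.3 or later.

```php
<?php
// Added example, not the application's own code. Field and function names
// are hypothetical; the sample requests at the bottom are constructed.
declare(strict_types=1);

// Call before session_start(): browsers then stop attaching the session
// cookie to cross-site POSTs (the missing same-site restriction).
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
}

// Return the per-session token, creating it on first use. The chat form
// embeds it as a hidden "csrf_token" field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only for a POST whose submitted token matches the session's token.
function csrf_request_allowed(string $method, array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    if ($method !== 'POST' || !is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// In the message handler, after harden_session_cookie() and session_start():
//   if (!csrf_request_allowed($_SERVER['REQUEST_METHOD'], $_SESSION, $_POST)) {
//       http_response_code(403);
//       exit;
//   }

// Constructed requests: the legitimate form post, then a forged cross-site
// post that carries the message but cannot know the token.
$session = [];
$token   = csrf_token($session);
var_dump(csrf_request_allowed('POST', $session, ['csrf_token' => $token, 'message' => 'hi']));
var_dump(csrf_request_allowed('POST', $session, ['message' => 'forged']));
```

The token check is the primary control; the `SameSite` attribute is defence in depth for browsers that honour it.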


Timeline

  • Vulnerability published

  • Vulnerability Reserved
