CSRF Vulnerability in SourceCodester Product Expiry Management System
CVE-2025-63712

Currently unrated

Key Information:

Vendor

SourceCodester
Status
Product Expiry Management System
Vendor
CVE Published:
10 November 2025

What is CVE-2025-63712?

The SourceCodester Product Expiry Management System is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in its User Management module. This flaw allows remote attackers to delete arbitrary user accounts by exploiting the delete-user.php endpoint. The vulnerability arises because the module relies solely on session cookies for authentication and does not implement adequate CSRF protections, enabling attackers to send forged cross-origin GET requests that can compromise user accounts.

References

https://www.sourcecodester.com/php/17883/web-based-produc...
https://github.com/floccocam-cpu/CVE-Research-2025/blob/m...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.