Cross-Site Request Forgery in CodeAstro Expense Management System
CVE-2025-6478

5.3MEDIUM

Key Information:

Vendor: Codeastro
Status: Expense Management System
Vendor: CVE Published:; 22 June 2025

What is CVE-2025-6478?

A vulnerability exists in the CodeAstro Expense Management System version 1.0 that permits an attacker to execute malicious commands on behalf of a user without their consent. This cross-site request forgery (CSRF) issue could be exploited remotely, allowing unauthorized actions to be carried out, thereby compromising the security of user data and operations. Administrators are urged to implement necessary safeguards to deter potential exploit attempts.

Affected Version(s)

Expense Management System 1.0

References

https://vuldb.com/?id.313586

vdb-entry

https://vuldb.com/?ctiid.313586

signaturepermissions-required

https://vuldb.com/?submit.600581

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2025
Vulnerability Reserved
Jun 21, 2025

Credit

yousufnihal (VulDB User)

Codeastro

What is CVE-2025-6478?

Affected Version(s)

References

CVSS V4

Timeline

Credit