Cross-Site Request Forgery in CodeAstro Expense Management System
CVE-2025-6478

5.3MEDIUM

Key Information:

Vendor

Codeastro

Status
Expense Management System
Vendor
CVE Published:
22 June 2025

What is CVE-2025-6478?

A vulnerability exists in the CodeAstro Expense Management System version 1.0 that permits an attacker to execute malicious commands on behalf of a user without their consent. This cross-site request forgery (CSRF) issue could be exploited remotely, allowing unauthorized actions to be carried out, thereby compromising the security of user data and operations. Administrators are urged to implement necessary safeguards to deter potential exploit attempts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Expense Management System 1.0

References

https://vuldb.com/?id.313586
vdb-entry
https://vuldb.com/?ctiid.313586
signaturepermissions-required
https://vuldb.com/?submit.600581
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yousufnihal (VulDB User)
JSON
.