Cyber Resilience

CVE-2019-25451

Severity: Medium · Public PoC

Published: 20 February 2026
Modified: 02 March 2026
KEV Added: not listed
CVSS v4 score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0032 (23.5th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2019-25451 is a medium-severity SSRF (CWE-918) vulnerability in phpMoAdmin (vendor phpmoadmin, product phpmoadmin). Its CVSS base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 23.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2019-25451 is a cross-site request forgery (CSRF) vulnerability in phpMoAdmin version 1.1.5. The flaw affects the moadmin.php component, where attackers can craft malicious GET requests using parameters such as action, db, and collection. This enables unauthorized database operations, including creating, dropping, or repairing databases and collections, without the authenticated user's consent.

Unauthenticated attackers can exploit this vulnerability over the network with low complexity by tricking authenticated users into submitting the malicious GET requests, such as through a phishing link or malicious webpage. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, allowing full unauthorized control over targeted MongoDB operations via the victim's session.

Advisories, including one from VulnCheck, detail the CSRF issue in moadmin.php, while Exploit-DB hosts a proof-of-concept exploit (ID 46082). The phpMoAdmin homepage at phpmoadmin.com provides additional context on the software.

An exploit is publicly available, indicating potential for real-world abuse against exposed phpMoAdmin instances.

Vulnerability details

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

T1485 Data Destruction (Impact)
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

A CSRF flaw in a public-facing MongoDB admin web application enables exploitation of the application (T1190) to perform unauthorized stored data manipulation (T1565.001) and data destruction (T1485) via the victim's authenticated session.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-13195 (shared CWE-918)
CVE-2026-5052 (shared CWE-918)
CVE-2025-58045 (shared CWE-918)
CVE-2025-69299 (shared CWE-918)
CVE-2026-42398 (shared CWE-918)
CVE-2026-7025 (shared CWE-918)
CVE-2025-2691 (shared CWE-918)
CVE-2025-21385 (shared CWE-918)
CVE-2026-6625 (shared CWE-918)
CVE-2026-30118 (shared CWE-918)

Affected Assets

Vendor: phpmoadmin
Product: phpmoadmin
Version: 1.1.5

Mitigating Controls (NIST 800-53 r5) · AI

SI-2 Flaw Remediation (prevent): requires timely identification, reporting, and correction of flaws like the CSRF vulnerability in phpMoAdmin 1.1.5, directly eliminating the issue through patching.

SC-23 Session Authenticity (prevent): mandates mechanisms such as anti-CSRF tokens to protect session authenticity, preventing attackers from forging requests that exploit valid user sessions.

SI-10 Information Input Validation (prevent): enforces validation of inputs like action, db, and collection parameters at entry points, blocking unauthorized CSRF-induced database operations.
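The following is an added illustration of the SC-23 and SI-10 controls above as they would apply to a state-changing admin endpoint like the one described in the analysis. It is not phpMoAdmin's code and does not reflect how moadmin.php is written; the function names, the action allow-list values, and the `csrf_token` form field are assumptions, and only the parameter names action, db, and collection come from the advisory text. It shows a per-session random token verified in constant time, refusal of mutating actions over GET (the vector a CSRF lure embeds), an allow-list for the action value, and a character restriction on database and collection names.

```php
<?php
// Added defensive example (hypothetical handler, not phpMoAdmin's own code).
declare(strict_types=1);

// Session cookie attributes: SameSite=Lax means a cross-site GET or POST
// from another origin is not sent with the admin session cookie.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// SC-23: one unpredictable token per session, rendered into every mutating form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the token cannot be recovered byte by byte.
function csrf_token_is_valid(?string $submitted): bool {
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// SI-10: allow-list of action values (names are assumptions for this example)
// and a conservative pattern for db/collection names.
const ALLOWED_ACTIONS = ['createDb', 'dropDb', 'repairDb', 'createCollection', 'dropCollection'];

function validate_name(string $name): bool {
    // Letters, digits, underscore and hyphen only; rejects '$', '.', '/', '\' and NUL.
    return (bool) preg_match('/^[A-Za-z0-9_-]{1,63}$/', $name);
}

// Returns [allowed, reason]. Every check must pass before any MongoDB call.
function authorize_mutation(string $method, array $params, array $headers): array {
    // Mutating actions are never honoured over GET, so a crafted link alone does nothing.
    if ($method !== 'POST') {
        return [false, 'state-changing actions require POST'];
    }
    if (!in_array($params['action'] ?? '', ALLOWED_ACTIONS, true)) {
        return [false, 'unknown action'];
    }
    foreach (['db', 'collection'] as $key) {
        if (isset($params[$key]) && !validate_name((string) $params[$key])) {
            return [false, "invalid $key name"];
        }
    }
    if (!csrf_token_is_valid($params['csrf_token'] ?? null)) {
        return [false, 'missing or invalid CSRF token'];
    }
    // Defence in depth: modern browsers label cross-site requests via Sec-Fetch-Site.
    $site = $headers['Sec-Fetch-Site'] ?? 'same-origin';
    if (!in_array($site, ['same-origin', 'none'], true)) {
        return [false, 'cross-site request rejected'];
    }
    return [true, 'ok'];
}

// Usage in the request handler (before any database operation is dispatched):
[$ok, $reason] = authorize_mutation($_SERVER['REQUEST_METHOD'], $_POST, getallheaders());
if (!$ok) {
    http_response_code(403);
    exit('Refused: ' . htmlspecialchars($reason, ENT_QUOTES, 'UTF-8'));
}
// ... dispatch the validated action to MongoDB here ...
```

The form that triggers a mutation must carry the token as a hidden field (`<input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">`), and the token check is deliberately the last gate so that a forged request is also logged with a specific refusal reason for detection. `getallheaders()` is available under Apache and PHP-FPM; on other SAPIs read the `HTTP_SEC_FETCH_SITE` entry of `$_SERVER` instead.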
