CVE-2025-15405
Published: 01 January 2026
Summary
CVE-2025-15405 is a medium-severity cross-site request forgery (CSRF, CWE-352) vulnerability in PHPEMS. Its base score is reported as 5.3 (Medium) here and as 4.3 (Medium) under the CVSS v3.1 vector in the deeper analysis below; both figures fall in the Medium band.
Operationally, exploitation aligns with the MITRE ATT&CK technique User Execution: Malicious Link (T1204.001). It ranks at the 11.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-11 (Re-authentication).
Deeper analysis
CVE-2025-15405 is a cross-site request forgery (CSRF) vulnerability in PHPEMS versions up to 11.0. The flaw affects an unidentified function (the advisory does not name it), allowing a remote attacker to trigger state-changing requests on behalf of a logged-in user. It is associated with CWE-352 (Cross-Site Request Forgery) and CWE-862 (Missing Authorization), and carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N): medium severity, with a low integrity impact and no confidentiality or availability impact.
Remote attackers need no privileges on PHPEMS (PR:N). The attack works the usual CSRF way: the attacker hosts a page containing a request aimed at PHPEMS (typically an auto-submitting form) and lures an already-authenticated user into loading it; the browser attaches the victim's session cookie, and the application performs the action as that user because the cookie is the only evidence it checks. Exploitation therefore requires user interaction (UI:R), such as clicking a malicious link, but has low attack complexity and takes place over the network.
Advisories and a proof-of-concept are documented in references including VulDB entries (ctiid.339325, id.339325, submit.728314) and a blog post at byebydoggy.github.io/post/2025/1231-phpems-csrf-poc/. The vulnerability was published on 2026-01-01T15:15:40.777.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0017
Vulnerability details
A vulnerability was detected in PHPEMS up to 11.0. The affected component is an unidentified function. Manipulation results in cross-site request forgery. The attack may be launched remotely.
CWE(s): CWE-352 (Cross-Site Request Forgery), CWE-862 (Missing Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
- User Execution: Malicious Link (T1204.001)
Why this technique?
CSRF requires user interaction via a malicious link to trigger forged requests on an existing authenticated session.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces authorization checks on every request, blocking the unauthorized state-changing actions that define this CSRF flaw.
- Session binding: Requires cryptographic or token-based session binding that would invalidate forged cross-site requests targeting PHPEMS.
- IA-11 (Re-authentication): Forces re-authentication before sensitive actions, defeating CSRF exploits that rely on an existing authenticated session.
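The exploitation path described in the deeper analysis and the session-binding control listed above, as an added example that is not code from PHPEMS or from the referenced proof-of-concept. It models a password-change handler in its CSRF-prone form (the session cookie is the only evidence of intent) next to a hardened form that checks the request's Origin against the application's own origin and requires a synchronizer token bound to the session. The application origin, server secret, session store, cookie name and request contents are all constructed for illustration.

```python
"""Synchronizer-token and origin checks for a state-changing PHPEMS-style
handler, shown vulnerable and hardened. Added example; all names, the
server secret and the requests below are constructed for illustration."""
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed application origin and server secret (constructed; load a real
# secret from configuration, never from source).
APP_ORIGIN = "https://exam.example.test"
SERVER_SECRET = b"constructed-example-secret"

# Constructed session store: cookie value -> logged-in user.
SESSIONS = {"sess-victim-123": "teacher01"}


@dataclass
class Request:
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def current_user(req):
    return SESSIONS.get(req.cookies.get("PHPSESSID"))


def vulnerable_change_password(req):
    """CSRF-prone shape: the session cookie, which the browser attaches to
    any request to this site, is the only evidence the user intended it."""
    user = current_user(req)
    if req.method != "POST" or user is None:
        return 403, "not logged in"
    return 200, f"password changed for {user}"


def issue_csrf_token(session_id):
    """Per-session synchronizer token derived with HMAC from the session id.
    Only the server can compute it and a cross-site page cannot read it,
    so a forged request cannot carry the right value."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url, allowed=APP_ORIGIN):
    """Exact scheme/host/port comparison; a string-prefix test would let
    https://exam.example.test.attacker.example pass."""
    a, b = urlsplit(url), urlsplit(allowed)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def hardened_change_password(req):
    user = current_user(req)
    if req.method != "POST" or user is None:
        return 403, "not logged in"
    # Browsers send Origin on cross-site POSTs and pages cannot override it;
    # fall back to Referer, and reject when neither is present.
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not same_origin(source):
        return 403, "cross-site request rejected"
    expected = issue_csrf_token(req.cookies["PHPSESSID"])
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    return 200, f"password changed for {user}"


def forged_request():
    """Constructed: what the victim's browser sends after loading an attacker
    page with an auto-submitting form. The cookie is attached automatically;
    the attacker can neither read nor compute the token."""
    return Request("POST", {"PHPSESSID": "sess-victim-123"},
                   {"newpass": "attacker-chosen"},
                   {"Origin": "https://attacker.example.test"})


def legitimate_request():
    """Constructed: the same form submitted from the application's own page."""
    return Request("POST", {"PHPSESSID": "sess-victim-123"},
                   {"newpass": "user-chosen",
                    "csrf_token": issue_csrf_token("sess-victim-123")},
                   {"Origin": APP_ORIGIN})


if __name__ == "__main__":
    print("vulnerable, forged:  ", vulnerable_change_password(forged_request()))
    print("hardened, forged:    ", hardened_change_password(forged_request()))
    print("hardened, legitimate:", hardened_change_password(legitimate_request()))
```

The forged request succeeds against the vulnerable handler and is refused by the hardened one twice over: its Origin is the attacker's site, and it has no token. The same two checks translate directly to PHP (compare `$_SERVER['HTTP_ORIGIN']` against the site origin and compare a session-bound token with `hash_equals()`); marking the session cookie `SameSite=Lax` or `Strict` adds a browser-side layer, and for a password change in particular, requiring the current password on the form is the re-authentication step the IA-11 control above describes.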