CVE-2025-15405
Published: 01 January 2026
Summary
CVE-2025-15405 is a medium-severity CSRF (CWE-352) vulnerability in Phpems Phpems. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring an access control policy ensures authorization checks are defined and applied for critical functions.
Reviews of access controls detect missing authorization checks on critical functions or resources.
Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.
Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.
Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.
Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.
The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.
Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF requires user interaction via malicious link to trigger forged requests on authenticated session.
NVD Description
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.
Deeper analysisAI
CVE-2025-15405 is a cross-site request forgery (CSRF) vulnerability in PHPEMS versions up to 11.0. The flaw affects an unknown function, enabling remote manipulation that leads to CSRF attacks. It is associated with CWE-352 (Cross-Site Request Forgery) and CWE-862 (Missing Authorization), and carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity with low integrity impact.
Remote attackers can exploit this vulnerability without requiring privileges by crafting malicious requests that trick authenticated users into performing unintended actions on the PHPEMS application. Exploitation requires user interaction, such as clicking a malicious link, but has low attack complexity and can occur over the network.
Advisories and a proof-of-concept are documented in references including VulDB entries (ctiid.339325, id.339325, submit.728314) and a blog post at byebydoggy.github.io/post/2025/1231-phpems-csrf-poc/. The vulnerability was published on 2026-01-01T15:15:40.777.
Details
- CWE(s)