CVE-2025-15405

MEDIUM 5.3 / 10.0
Published: January 1, 2026 at 03:15 PM
Modified: January 13, 2026 at 08:38 PM
Source: cna@vuldb.com

Vulnerability Description

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.

CVSS Metrics

Base Score
5.3
Severity
MEDIUM
Vector String
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

Source: cna@vuldb.com
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

PHPEMS versions up to 11.0 are vulnerable to a Cross-Site Request Forgery (CSRF) attack. This allows a malicious actor to perform unauthorized actions on behalf of a legitimate user, potentially leading to data compromise or system takeover if the affected function controls critical functionality.

02 // Vulnerability Mechanism

Step 1: Victim Interaction: The attacker crafts a malicious link or HTML snippet containing a specially crafted request to the vulnerable PHPEMS function.

Step 2: Social Engineering: The attacker lures a logged-in PHPEMS user into clicking the malicious link or visiting a webpage containing the malicious HTML.

Step 3: Request Execution: The victim's browser, unaware of the malicious intent, automatically sends the crafted request to the PHPEMS server. This succeeds because the browser attaches the victim's PHPEMS session cookie to any request addressed to the PHPEMS domain, so the server treats the request as coming from the authenticated user even though it was initiated from the attacker's page.

Step 4: Unauthorized Action: The PHPEMS server processes the malicious request, performing the unauthorized action (e.g., changing user settings, creating new accounts, modifying data) on behalf of the victim.

Step 5: Attack Completion: The attacker achieves their objective, potentially gaining control of the victim's account or compromising the system.

03 // Deep Technical Analysis

The vulnerability lies within an unspecified function in PHPEMS. The root cause is a lack of proper CSRF protection, such as the absence of or improper implementation of CSRF tokens or insufficient validation of the origin of incoming requests. This allows an attacker to craft malicious requests that are executed by a victim's browser without their knowledge or consent. The specific function's purpose is unknown, but its exploitation leads to unauthorized actions within the PHPEMS application. The lack of proper input validation or authorization checks exacerbates the issue, allowing attackers to manipulate data or trigger unintended behavior.
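As an added illustration (not code from PHPEMS or from this advisory), the two protections named above as missing, a per-session synchronizer token and Origin/Referer validation, shown in Python as pure functions beside the unprotected "before" shape of a state-changing handler. The deployment origin `https://exam.example.org`, the handler names and the dict-based request model are assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Origin of the (hypothetical) PHPEMS deployment; an assumption for this example.
TRUSTED_ORIGINS = {"https://exam.example.org"}

def issue_token(session):
    """Mint a per-session synchronizer token and keep the server-side copy."""
    session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]

def origin_allowed(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is ours.
    A cross-site POST from a modern browser carries at least one of the two;
    a request with neither is refused rather than waved through."""
    origin = headers.get("Origin")
    if origin is None and "Referer" in headers:
        parsed = urlparse(headers["Referer"])
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin in TRUSTED_ORIGINS

def token_valid(session, form):
    """Compare the submitted token with the session copy in constant time."""
    expected, submitted = session.get("csrf_token"), form.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)

def vulnerable_update(session, headers, form):
    """'Before' shape: a logged-in session is the only gate, so a forged
    cross-site POST riding on the victim's session cookie is accepted."""
    if not session.get("user"):
        return "denied: not logged in"
    return f"updated email to {form['email']}"

def hardened_update(session, headers, form):
    """'After' shape: the same action, gated by the origin and token checks."""
    if not session.get("user"):
        return "denied: not logged in"
    if not origin_allowed(headers):
        return "denied: cross-site origin"
    if not token_valid(session, form):
        return "denied: missing or wrong CSRF token"
    return f"updated email to {form['email']}"
```

The token must be embedded in the application's own forms (a hidden field) and never exposed to other origins; the origin check catches forged requests even when a token leaks, and the token check catches requests that spoof or strip their headers.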

CVE-2025-15405 - MEDIUM Severity (5.3) | Free CVE Database | 4nuxd