Platform
php
Component
vulnerability-research-cvess
Fixed in
14.9.7
CVE-2025-23113 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in REDCap versions up to 14.9.6. An attacker can leverage a specially crafted CSV file containing an HTML injection payload within the alert-title field to trigger unintended actions. This can result in a user being unexpectedly logged out or redirected to a malicious phishing website, compromising their session and potentially sensitive data.
This CSRF vulnerability allows an attacker to perform actions on behalf of an authenticated REDCap user without their knowledge or consent. The primary impact is session termination, effectively logging the user out of REDCap. More critically, the attacker can redirect the user to a malicious website, potentially stealing credentials or installing malware. The attack vector involves tricking the user into uploading a specially crafted CSV file and then clicking on a link or element within the resulting page. The blast radius is limited to users who interact with the malicious CSV file and the subsequent alert-title element.
This vulnerability was publicly disclosed on January 10, 2025. There is no indication of active exploitation at this time. No entries are present on the CISA KEV catalog. Public proof-of-concept exploits are not currently available, but the nature of CSRF vulnerabilities makes it likely that one will emerge.
Organizations and individuals utilizing REDCap for data management and research are at risk, particularly those relying on older, unpatched versions (≤14.9.6). Shared hosting environments where multiple users access the same REDCap instance are also at increased risk, as a compromised user could potentially impact other users.
• php / web:
grep -r "action=myprojects&logout=1" /var/www/html/redcap/ | grep CSV
• generic web:
curl -I "https://your-redcap-instance.com/index.php?action=myprojects&logout=1" | grep -i "logout"
Disclosure
Exploit status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade REDCap to a version that includes the fix. If immediate upgrading is not possible, consider implementing strict input validation on CSV uploads to sanitize the alert-title field. Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can provide an additional layer of protection. Educate users about the risks of opening CSV files from untrusted sources. After upgrade, confirm the vulnerability is resolved by attempting a CSRF attack with a test user account and verifying that the session remains active and no redirection occurs.
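One way to implement the CSV input validation described above, as an added example that is not REDCap's own code; the column name "alert-title" and the CSV layout are assumptions made for illustration:

```php
<?php
// Added example, not REDCap code: validate the alert-title column of an uploaded
// alert CSV before it is stored or rendered. Column name and layout are assumed.
declare(strict_types=1);

const ALERT_TITLE_COLUMN = 'alert-title';

// A title is accepted only as plain text: no angle brackets (checked after entity
// decoding, so "&lt;a&gt;" is not a bypass), no link targets, bounded length.
function isSafeAlertTitle(string $value): bool
{
    $decoded = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if (strlen($decoded) > 200 || preg_match('/[<>]/', $decoded)) {
        return false;
    }
    return !preg_match('~https?://|javascript:~i', $decoded);
}

// Parse CSV text; return [accepted rows, rejected line numbers].
function validateAlertCsv(string $csv): array
{
    $fh = fopen('php://memory', 'r+');
    fwrite($fh, $csv);
    rewind($fh);
    $header = fgetcsv($fh);
    $idx = $header === false ? false : array_search(ALERT_TITLE_COLUMN, $header, true);
    if ($idx === false) {
        fclose($fh);
        throw new InvalidArgumentException('CSV lacks the ' . ALERT_TITLE_COLUMN . ' column');
    }
    $accepted = []; $rejected = [];
    for ($line = 2; ($row = fgetcsv($fh)) !== false; $line++) {
        if (isset($row[$idx]) && isSafeAlertTitle($row[$idx])) {
            // Escape on output as well; validation alone is not sufficient.
            $row[$idx] = htmlspecialchars($row[$idx], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            $accepted[] = $row;
        } else {
            $rejected[] = $line;
        }
    }
    fclose($fh);
    return [$accepted, $rejected];
}

// Constructed sample: a clean row, then a row carrying markup in the title.
$sample = "alert-title,alert-message\n"
    . "Weekly reminder,Please complete your survey\n"
    . "\"<a href=\"\"https://example.invalid\"\">Click here</a>\",Ignore\n";
[$ok, $bad] = validateAlertCsv($sample);
printf("accepted %d row(s); rejected line(s): %s\n", count($ok), implode(',', $bad));
```

Rejected rows should be reported back to the uploading user rather than silently dropped, so a legitimate title that trips the check can be corrected.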
Update REDCap to a version after 14.9.6 to fix the CSRF vulnerability. This prevents an attacker from abusing the logout functionality or redirecting users to phishing websites through the upload of malicious CSV files.
CVE-2025-23113 is a Cross-Site Request Forgery (CSRF) vulnerability in REDCap versions 14.9.6 and earlier, allowing attackers to trigger unwanted actions like logout or redirection through malicious CSV uploads.
You are affected if you are using REDCap version 14.9.6 or earlier. Upgrade to a patched version to resolve the vulnerability.
Upgrade REDCap to a version with the fix. If upgrading is not immediately possible, implement a WAF rule to block requests containing the vulnerable parameter and educate users.
As of now, there are no confirmed reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the official REDCap security advisory for detailed information and updates regarding CVE-2025-23113.