Platform: other
Component: flexnet-publisher
Fixed in: 11.12.2
CVE-2019-25313 describes a cross-site request forgery (XSRF) vulnerability affecting FlexNet Publisher version 11.12.1. This vulnerability allows an attacker to create administrative user accounts without requiring authentication, potentially granting them unauthorized access and control over the system. The vulnerability was published on 2026-02-11, and a patch is currently unavailable, requiring alternative mitigation strategies.
The primary impact of CVE-2019-25313 is the ability for an attacker to create new administrative accounts within FlexNet Publisher without any authentication. This can be achieved by crafting a malicious HTML form that tricks an authenticated user into unknowingly submitting a request to create the new account. Once created, the attacker can use these credentials to gain full administrative privileges, allowing them to modify configurations, access sensitive data, and potentially compromise the entire system. The blast radius extends to any data managed by FlexNet Publisher, including licensing information and software deployment details. Successful exploitation could lead to significant disruption of operations and data breaches.
The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting limited active exploitation at this time. The vulnerability's severity is rated as MEDIUM, indicating a moderate risk of exploitation. Further investigation and monitoring are recommended to assess the evolving threat landscape.
Exploit Status
EPSS: 0.02% (6% percentile)
Due to the absence of a patch for CVE-2019-25313, mitigation strategies focus on reducing the attack surface and minimizing the potential impact. Implement strict access controls, limiting the number of users with administrative privileges. User awareness training is crucial to educate users about the risks of XSRF attacks and how to avoid falling victim to malicious requests. Consider implementing a Web Application Firewall (WAF) with XSRF protection rules to filter out malicious requests. Regularly review user accounts and permissions to identify and remove any unauthorized accounts. While a direct fix is unavailable, diligent monitoring and proactive security measures are essential.
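The request check that a WAF XSRF rule of the kind recommended above applies, written out as an added example (not Flexera's code and not a vendor rule set): a state-changing request is allowed only when its Origin header, or failing that its Referer, names a trusted origin. The hostname and the account-creation path are constructed placeholders, since the page does not give the real endpoint.

```python
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
# Constructed values: the page gives neither a hostname nor the endpoint path.
TRUSTED_ORIGINS = {"https://flexnet.example.internal"}
CREATE_USER_PATH = "/PLACEHOLDER/create-user"

def source_origin(headers):
    """scheme://host[:port] from Origin, else Referer; None if missing or opaque."""
    h = {k.lower(): v for k, v in headers.items()}
    value = h.get("origin") or h.get("referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not (parts.scheme and parts.netloc):  # e.g. "Origin: null"
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def csrf_verdict(method, headers, trusted=TRUSTED_ORIGINS):
    """Fail closed: a state-changing request must prove a trusted origin."""
    if method.upper() not in STATE_CHANGING:
        return "allow"
    origin = source_origin(headers)
    if origin is None:
        return "block:no-origin"
    return "allow" if origin in trusted else "block:cross-origin"

# Constructed sample requests: (method, path, headers)
SAMPLE_REQUESTS = [
    ("GET", "/dashboard", {}),
    ("POST", CREATE_USER_PATH, {"Origin": "https://flexnet.example.internal"}),
    ("POST", CREATE_USER_PATH, {"Origin": "https://unrelated-site.example"}),
    ("POST", CREATE_USER_PATH, {}),
    ("POST", CREATE_USER_PATH, {"Origin": "null"}),
    ("POST", CREATE_USER_PATH, {"Referer": "https://flexnet.example.internal/users"}),
]

def audit(requests):
    """Return one verdict per request, in order."""
    return [csrf_verdict(m, hdrs) for m, _path, hdrs in requests]

if __name__ == "__main__":
    for (m, path, _), verdict in zip(SAMPLE_REQUESTS, audit(SAMPLE_REQUESTS)):
        print(f"{m:5} {path:26} {verdict}")
```

The same function can be run over proxy or web-server logs that record Origin and Referer to find past cross-origin account-creation requests during the account review described above.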
Update FlexNet Publisher to a version later than 11.12.1. Consult the Flexera Software website for the latest version and upgrade instructions.
CVE-2019-25313 is a cross-site request forgery vulnerability in FlexNet Publisher 11.12.1 that allows attackers to create admin accounts without authentication.
If you are running FlexNet Publisher version 11.12.1, you are potentially affected by this vulnerability.
A patch is currently unavailable. Mitigate by implementing strict access controls, user awareness training, and a WAF with XSRF protection.
While public exploits are limited, the vulnerability remains a potential risk and requires ongoing monitoring.
Refer to the Flexera security advisory for details: [https://www.flexera.com/security-advisories/](https://www.flexera.com/security-advisories/)