Platform
php
Component
vulnerability-research-cvess
Fixed in
14.9.7
CVE-2025-23113 is a Cross-Site Request Forgery (CSRF) vulnerability in REDCap versions up to and including 14.9.6. An attacker prepares a CSV import file whose alert-title column carries an HTML injection payload, for example a link pointing at the logout endpoint or at an external site. The payload survives import and is rendered on the page, so when a logged-in user clicks the alert title the browser sends the attacker's request with that user's session: the user is unexpectedly logged out, or is redirected to a malicious phishing website.
The practical impact of CVE-2025-23113 is forced session termination and credential phishing. An attacker crafts a CSV file with a malicious HTML payload in the alert-title field. When a user uploads the file and clicks the rendered alert-title value, a logout request (action=myprojects&logout=1) is issued and the session is terminated. Alternatively, the injected link sends the user to a phishing site built to harvest REDCap credentials, which could then be used to take over the account. Exploitation requires user interaction, so the blast radius is limited to users who interact with the imported alert and click the injected link. The general lesson is the usual one: escape user-supplied content on output, and protect state-changing actions, logout included, with CSRF tokens rather than a plain link.
CVE-2025-23113 was publicly disclosed on 2025-01-10. No public proof-of-concept exploit is currently known. The CVSS severity rating is LOW, and the EPSS score of 0.08% (24th percentile) puts the estimated probability of exploitation in the wild in the bottom quarter of scored CVEs; CVSS measures severity, not likelihood, so the two figures answer different questions. It is not listed in the CISA KEV catalog.
Exploit Status
EPSS
0.08% (24th percentile)
The primary mitigation for CVE-2025-23113 is to upgrade REDCap to 14.9.7 or later. Vulnerable versions are those equal to or earlier than 14.9.6. If immediate upgrading is not possible, a Web Application Firewall (WAF) rule that blocks requests containing the action=myprojects&logout=1 parameter will stop the forced-logout variant, but note the cost: it also blocks every legitimate logout, and because the injected link is rendered on a REDCap-hosted page, a Referer- or Origin-based rule cannot distinguish the malicious click from a normal one. A more targeted stopgap is to restrict alert CSV import to trusted users, scan uploaded alert CSV files for HTML markup or links in the alert-title column before import, and educate users about the risks of clicking unexpected links inside imported data. After upgrading, confirm the fix on a test instance by importing a crafted CSV and checking that the alert title is displayed as literal text (the angle brackets visible, no clickable link) and that clicking it no longer triggers a logout or redirect.
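The two checks described above, scanning an alert CSV for injected markup before import and verifying that a title is emitted as text rather than as HTML, as an added example. This is stand-alone Python written for this page, not REDCap code (REDCap itself is PHP); the column name alert-title, the CSV layout and the sample rows are constructed for the example, and the logout parameter is the one quoted in the text above. The rendering functions show the vulnerable pattern (raw interpolation) next to the hardened one (escape on output); they do not reproduce REDCap's own template code.

```python
"""Scan a REDCap-style alert import CSV for HTML in the title column and
show why output escaping neutralises the CVE-2025-23113 payload.

Added example, not REDCap code. Column name, CSV layout and sample rows
are constructed; the logout parameter comes from the advisory text."""
import csv
import html
import io
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample: two benign alerts and two injected ones.
SAMPLE_CSV = """alert-title,alert-message
Weekly reminder,Please complete your survey.
"<a href=""/index.php?action=myprojects&logout=1"">Click to view</a>",Logout CSRF via stored link
"<a href=""https://redcap-login.example/"">Session expired, sign in</a>",Phishing redirect
Baseline visit,Visit scheduled for next week
"""

# Any tag-like token is enough to flag a row for review (not proof of attack).
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
HREF_RE = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def classify_title(title: str) -> list[str]:
    """Return findings for one alert title; an empty list means it looks clean."""
    findings = []
    if TAG_RE.search(title):
        findings.append("html-tag")
    for href in HREF_RE.findall(title):
        parsed = urlparse(href)
        # The logout CSRF link carries logout=1 in its query string.
        if parse_qs(parsed.query).get("logout") == ["1"]:
            findings.append("logout-csrf-link")
        # An absolute http(s) URL to another host is the phishing-redirect shape.
        if parsed.scheme in ("http", "https") and parsed.netloc:
            findings.append(f"external-link:{parsed.netloc}")
    return findings


def scan_alert_csv(text: str, title_column: str = "alert-title") -> dict[int, list[str]]:
    """Map 1-based data-row numbers to findings, for rows that need review."""
    flagged = {}
    for row_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        findings = classify_title(row.get(title_column, "") or "")
        if findings:
            flagged[row_no] = findings
    return flagged


def render_title_unsafe(title: str) -> str:
    """Vulnerable pattern: the stored title is interpolated straight into HTML."""
    return f'<span class="alert-title">{title}</span>'


def render_title_safe(title: str) -> str:
    """Hardened pattern: escape on output, so the title is text and never markup."""
    return f'<span class="alert-title">{html.escape(title, quote=True)}</span>'


def contains_clickable_link(rendered: str) -> bool:
    """True if the rendered fragment still contains a live anchor element."""
    return re.search(r"<a\s", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    for row_no, findings in scan_alert_csv(SAMPLE_CSV).items():
        print(f"row {row_no}: {', '.join(findings)}")
    payload = '<a href="/index.php?action=myprojects&logout=1">x</a>'
    print("unsafe:", render_title_unsafe(payload))
    print("safe:  ", render_title_safe(payload))
```

Run against the sample, the scanner flags row 2 (tag plus logout link) and row 3 (tag plus external link) and passes the two plain titles. The same payload rendered through the unsafe function still contains a clickable anchor, while the escaped version shows the markup as literal text, which is exactly what the post-upgrade check in the text above should display.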
Update REDCap to 14.9.7 or later to fix the CSRF (Cross-Site Request Forgery) vulnerability. The patched release stops an attacker from using a malicious CSV upload to force a logout or to redirect users to phishing websites.
CVE-2025-23113 is a Cross-Site Request Forgery (CSRF) vulnerability in REDCap versions 14.9.6 and earlier, allowing attackers to trigger unwanted actions like logout or redirection through malicious CSV uploads.
You are affected if you are using REDCap version 14.9.6 or earlier. Upgrade to a patched version to resolve the vulnerability.
Upgrade REDCap to a version with the fix. If upgrading is not immediately possible, restrict who can import alerts via CSV, review uploaded alert titles for HTML markup, and educate users; a WAF rule that blocks the logout parameter is possible but will also block legitimate logouts.
As of now, there are no confirmed reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the official REDCap security advisory for detailed information and updates regarding CVE-2025-23113.