Platform
other
Component
flexnet-publisher
Fixed in
11.12.2
CVE-2019-25313 describes a cross-site request forgery (XSRF) vulnerability affecting FlexNet Publisher version 11.12.1. This vulnerability allows an attacker to create administrative user accounts without requiring authentication, potentially granting them unauthorized access and control over the system. The vulnerability was published on 2026-02-11, and a patch is currently unavailable, requiring alternative mitigation strategies.
The primary impact of CVE-2019-25313 is the ability for an attacker to create new administrative accounts within FlexNet Publisher without any authentication. This can be achieved by crafting a malicious HTML form that tricks an authenticated user into unknowingly submitting a request to create the new account. Once created, the attacker can use these credentials to gain full administrative privileges, allowing them to modify configurations, access sensitive data, and potentially compromise the entire system. The blast radius extends to any data managed by FlexNet Publisher, including licensing information and software deployment details. Successful exploitation could lead to significant disruption of operations and data breaches.
The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting limited active exploitation at this time. The vulnerability's severity is rated as MEDIUM, indicating a moderate risk of exploitation. Further investigation and monitoring are recommended to assess the evolving threat landscape.
Organizations utilizing FlexNet Publisher version 11.12.1 are at risk, particularly those with limited security controls or a lack of user awareness training. Shared hosting environments where multiple users share the same FlexNet Publisher instance are also at increased risk, as an attacker could potentially compromise the entire environment through a single user’s account.
disclosure
Exploit status
EPSS
0.02% (percentile 6%)
CISA SSVC
CVSS vector
Due to the absence of a patch for CVE-2019-25313, mitigation strategies focus on reducing the attack surface and minimizing the potential impact. Implement strict access controls, limiting the number of users with administrative privileges. User awareness training is crucial to educate users about the risks of XSRF attacks and how to avoid falling victim to malicious requests. Consider implementing a Web Application Firewall (WAF) with XSRF protection rules to filter out malicious requests. Regularly review user accounts and permissions to identify and remove any unauthorized accounts. While a direct fix is unavailable, diligent monitoring and proactive security measures are essential.
Update FlexNet Publisher to a version later than 11.12.1. See the Flexera Software website for the latest version and update instructions.
CVE-2019-25313 is a cross-site request forgery vulnerability in FlexNet Publisher 11.12.1 that allows attackers to create admin accounts without authentication.
If you are running FlexNet Publisher version 11.12.1, you are potentially affected by this vulnerability.
A patch is currently unavailable. Mitigate by implementing strict access controls, user awareness training, and a WAF with XSRF protection.
While public exploits are limited, the vulnerability remains a potential risk and requires ongoing monitoring.
Refer to the Flexera security advisory for details: [https://www.flexera.com/security-advisories/](https://www.flexera.com/security-advisories/)