Platform
php
Component
critical-security-vulnerability-report-csrf-forced-withdrawal
Fixed in
1.0.1
CVE-2025-13119 describes a cross-site request forgery (CSRF) vulnerability in Simple E-Banking System versions 1.0 through 1.0. The flaw lets an attacker trick an authenticated user's browser into submitting requests the user did not intend, potentially leading to unauthorized financial transactions. A fix is available in version 1.0.1, and immediate patching is recommended.
A successful CSRF attack against Simple E-Banking System could let an attacker initiate unauthorized fund transfers, modify account details, or perform other sensitive actions on behalf of a legitimate user. The attack is initiated remotely: the attacker needs no access to the server, only a victim who is logged in and whose browser loads attacker-controlled content. The published exploit significantly increases the risk, since attackers can readily reuse it against vulnerable systems. The blast radius extends to any user of an affected Simple E-Banking System deployment, particularly those who regularly access it through a web browser.
The exploit for CVE-2025-13119 has been publicly published, indicating a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Given the availability of a public exploit, organizations should prioritize patching to prevent potential attacks. Active campaigns targeting this vulnerability are possible, though no confirmed instances are publicly available at this time.
Small to medium-sized businesses and organizations that rely on Simple E-Banking System for their financial transactions are at significant risk. Specifically, those using the vulnerable versions 1.0–1.0 without proper security controls, such as WAFs or input validation, are particularly susceptible to exploitation.
• generic web:
curl -I <banking_system_url> | grep -i 'csrf-token'
• generic web:
grep -r 'csrf_token' /var/www/html/disclosure
Exploit Status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13119 is to upgrade to version 1.0.1 of Simple E-Banking System. If upgrading immediately is not feasible, apply temporary mitigations: strict input validation on all user-supplied data and a Web Application Firewall (WAF) with CSRF protection rules. Consider setting the SameSite attribute on session cookies so browsers withhold them on cross-site requests. Regularly review and update security configurations to minimize the attack surface. After upgrading, confirm the vulnerability is resolved by re-testing the state-changing requests with a CSRF testing tool.
Update to a fixed version of Simple E-Banking System that resolves the CSRF vulnerability. If no fixed version is available, implement CSRF protection measures, such as CSRF tokens, on all sensitive operations in the system.
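As an added example (not code from Simple E-Banking System or its vendor), the following PHP shows the two controls the mitigation text names: a synchronizer CSRF token checked on every state-changing request, and the SameSite attribute on the session cookie. It is written around a withdrawal handler because that is the operation the report concerns; the function names, the `csrf_token` field name, the `bank.example` host and the Origin-header check are assumptions, not details from the advisory.

```php
<?php
declare(strict_types=1);

// Added example: synchronizer-token CSRF protection for a state-changing
// PHP endpoint (e.g. a withdrawal form), plus SameSite session cookies.
// Not taken from Simple E-Banking System; names and hosts are assumptions.

const CSRF_SESSION_KEY = 'csrf_token';

/** Issue (or reuse) a per-session token, kept server-side in $session. */
function csrf_issue_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        // 32 CSPRNG bytes, hex encoded -> 64-character token
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

/** Constant-time comparison of the submitted token with the session copy. */
function csrf_validate(array $session, ?string $submitted): bool
{
    $expected = $session[CSRF_SESSION_KEY] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/** Defence in depth: a cross-site POST carries a foreign Origin (or Referer). */
function origin_matches(array $server, string $expectedHost): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if (!is_string($origin)) {
        return false; // strict: no Origin/Referer means we do not trust the request
    }
    $host = parse_url($origin, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

/** Hidden field to embed in every sensitive form (e.g. the withdrawal form). */
function csrf_hidden_field(array &$session): string
{
    $token = htmlspecialchars(csrf_issue_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

/** Cookie flags to apply before session_start() in the web entry point. */
function configure_session_cookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // browser withholds the cookie on cross-site POSTs
    ]);
}

/**
 * Guard for a state-changing handler such as a withdrawal. Returns true only
 * for a POST that carries a valid token from a same-site origin; the caller
 * should respond 403 and perform nothing otherwise.
 */
function withdrawal_request_allowed(array $server, array $post, array $session, string $host): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // GET must never change account state
    }
    if (!csrf_validate($session, $post['csrf_token'] ?? null)) {
        return false;
    }
    return origin_matches($server, $host);
}

// Self-check when run from the CLI; no web server or real session needed.
if (PHP_SAPI === 'cli') {
    $session = [];
    $token   = csrf_issue_token($session);
    $same    = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://bank.example'];
    $cross   = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other-site.example'];
    $cases = [
        'valid token, same origin'  => withdrawal_request_allowed($same, ['csrf_token' => $token], $session, 'bank.example') === true,
        'missing token rejected'    => withdrawal_request_allowed($same, [], $session, 'bank.example') === false,
        'wrong token rejected'      => withdrawal_request_allowed($same, ['csrf_token' => str_repeat('0', 64)], $session, 'bank.example') === false,
        'cross-site origin rejected'=> withdrawal_request_allowed($cross, ['csrf_token' => $token], $session, 'bank.example') === false,
        'GET rejected'              => withdrawal_request_allowed(['REQUEST_METHOD' => 'GET'], ['csrf_token' => $token], $session, 'bank.example') === false,
    ];
    foreach ($cases as $name => $passed) {
        echo ($passed ? 'PASS ' : 'FAIL ') . $name . PHP_EOL;
    }
    exit(in_array(false, $cases, true) ? 1 : 0);
}
```

In a real deployment `configure_session_cookie()` runs before `session_start()`, `csrf_hidden_field($_SESSION)` is rendered into the withdrawal form, and the handler calls `withdrawal_request_allowed($_SERVER, $_POST, $_SESSION, $host)` before touching any balance. The token is the primary control; the SameSite flag and the Origin check are layered defences, so a missing Origin header from an unusual client is treated as a rejection here rather than a pass.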
CVE-2025-13119 is a cross-site request forgery (CSRF) vulnerability affecting Simple E-Banking System versions 1.0–1.0, allowing attackers to perform unauthorized actions.
You are affected if you are using Simple E-Banking System versions 1.0–1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. If immediate upgrade is not possible, implement WAF rules and input validation as temporary mitigations.
The exploit is publicly available, increasing the likelihood of exploitation. Active campaigns are possible but not confirmed.
Refer to the vendor's website or security advisories for the latest information on CVE-2025-13119 and Simple E-Banking System.