Security Advisory

CVE-2025-25928

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-11 00:00:00

Last updated 2025-03-17 18:55:54

Assigner mitre

State PUBLISHED

Description

A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an administrative role by leveraging the CSRF vulnerability at the /admin/users/user.form endpoint.

← Browse all CVEs View on cve.org ↗