CVE-2025-4887 MEDIUM

CVE-2025-4887: SourceCodester Online Student Clearance System cross-site request forgery

Vendor Sourcecodester

Product Online Student Clearance System

Weakness CWE-352 · CSRF

Published May 18, 2025

Last update May 19, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 18, 2025 CVE published

May 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4887 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-26011 WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-45752 WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-23470 WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability CVE-2026-39618 WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2017-3187 The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery