CVE-2025-6664 MEDIUM

CVE-2025-6664: CodeAstro Patient Record Management System cross-site request forgery

Vendor Codeastro

Product Patient Record Management System

Weakness CWE-352 · CSRF

Published June 25, 2025

Last update June 28, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 25, 2025 CVE published

June 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6664 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-47609 WordPress EasyMe Connect plugin <= 3.0.3 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-57927 WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2021-3729 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii CVE-2024-52392 WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-23499 WordPress Board Election plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability