CVE-2025-44185 — Cross-Site Request Forgery in Best Employee Management System

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 73.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mayurik Best Employee Management System

Timeline

PublishedMay 15

Description

SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDmayurik/best_employee_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2025-44185: SourceCodester Best Employee Management System V1↗2025-05-15

▶

GHSA

GHSA-357g-hmp7-jxcf: SourceCodester Best Employee Management System V1↗2025-05-15

▶