CVE-2025-60912

LOW

phpIPAM v1.7.3 - CSRF

Title source: llm

Description

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an administrator has an active session.

References (2)

Scores

CVSS v3 3.3
EPSS 0.0011
EPSS Percentile 29.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

Classification

CWE
CWE-352
Status published

Affected Products (1)

phpipam/phpipam < 1.7.3

Timeline

Published Dec 08, 2025
Tracked Since Feb 18, 2026