CVE-2025-6478

MEDIUM

Codeastro Expense Management System - Missing Authorization

Title source: rule

Description

A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.

References (4)

Scores

CVSS v3 4.3
EPSS 0.0004
EPSS Percentile 12.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE
CWE-862 CWE-352
Status published

Affected Products (1)

codeastro/expense_management_system

Timeline

Published Jun 22, 2025
Tracked Since Feb 18, 2026