CVE-2021-25930 is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple versions of OpenNMS Horizon and OpenNMS Meridian, specifically from opennms-1-0-stable through opennms-27.1.0-1 and meridian-foundation-2015.1.0-1 through meridian-foundation-2020.1.6-1. OpenNMS is an open-source network management platform widely used for monitoring network devices and services. The vulnerability arises due to the absence of CSRF protection mechanisms in the affected versions. Additionally, there is no validation when renaming an existing user account. This combination allows an attacker to craft a malicious request that, when executed by an authenticated user, can rename a user account without proper checks. The consequence is that the privileges of the renamed user are overwritten by those of the old user, and the old user is deleted from the user list. This can lead to privilege manipulation and potential unauthorized access escalation or disruption of user management. The CVSS v3.1 base score is 4.3 (medium severity), with vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that the attack can be performed remotely over the network with low complexity, requires no privileges but does require user interaction, and impacts integrity but not confidentiality or availability. There are no known exploits in the wild, and no patches are linked in the provided data, indicating that mitigation may require manual updates or configuration changes. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery).

For European organizations using OpenNMS for network monitoring and management, this vulnerability poses a risk of unauthorized manipulation of user accounts. An attacker could trick an authenticated user into executing a malicious request that renames users, potentially overwriting privileges and deleting legitimate user accounts. This can lead to unauthorized privilege escalation or denial of legitimate user access, undermining the integrity of user management within the system. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact can disrupt administrative controls and trust in the monitoring infrastructure. This is particularly critical for organizations relying on OpenNMS for managing critical network infrastructure, as compromised user management could facilitate further attacks or operational disruptions. Given the medium severity and requirement for user interaction, the threat is moderate but should not be underestimated in environments with high security requirements or where OpenNMS is exposed to untrusted networks.

Implement CSRF protection mechanisms in OpenNMS by upgrading to a version where this vulnerability is patched or by applying community or vendor-provided patches if available. If immediate upgrade is not possible, restrict access to the OpenNMS web interface to trusted internal networks only, reducing exposure to CSRF attacks. Enforce strict user session management and consider implementing multi-factor authentication to reduce the risk of unauthorized actions via CSRF. Regularly audit user accounts and privileges within OpenNMS to detect any unauthorized changes promptly. Educate users about the risks of CSRF and advise caution when clicking on links or executing actions in the OpenNMS interface, especially from untrusted sources. Use web application firewalls (WAFs) or reverse proxies with CSRF detection capabilities to filter malicious requests targeting OpenNMS. Monitor network traffic and logs for unusual user management activities that could indicate exploitation attempts.