CVE-2025-28062 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability identified in ERPNext versions 14.82.1 and 14.74.3. ERPNext is an open-source Enterprise Resource Planning (ERP) software widely used by organizations for managing business processes such as accounting, inventory, human resources, and customer relationship management. The vulnerability arises due to missing CSRF protections in the affected versions, allowing attackers to craft malicious web requests that can be executed by authenticated users without their consent. Exploitation of this vulnerability enables an attacker to perform unauthorized actions including user deletion, password resets, and privilege escalation. The CVSS 3.1 base score of 8.1 reflects the vulnerability’s high impact, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality and integrity is high (C:H/I:H), while availability is not affected (A:N). Since the attacker can induce an authenticated user to unknowingly execute harmful requests, the vulnerability can lead to significant compromise of user accounts and administrative control within ERPNext deployments. No known exploits are reported in the wild yet, and no official patches or mitigation links are provided in the source information, indicating the need for immediate attention by ERPNext users to monitor for updates or apply interim mitigations.

For European organizations using ERPNext, this vulnerability poses a substantial risk to the confidentiality and integrity of their business-critical data and user accounts. Unauthorized user deletions and password resets can disrupt business operations, cause data loss, and lead to unauthorized access. Privilege escalation can allow attackers to gain administrative control, potentially compromising sensitive financial, HR, and customer data. Given ERPNext’s use in various sectors including manufacturing, retail, and services across Europe, exploitation could result in regulatory non-compliance, especially under GDPR, due to unauthorized data access or modification. The requirement for user interaction means phishing or social engineering campaigns could be leveraged to trigger the attack, increasing the risk in environments with less security awareness. The absence of known exploits currently provides a window for mitigation, but the high CVSS score and critical nature of the affected functionalities necessitate urgent risk management.

European organizations should immediately audit their ERPNext installations to identify if they are running the affected versions 14.82.1 or 14.74.3. Until official patches are released, organizations should implement the following mitigations: 1) Enforce strict Content Security Policy (CSP) headers to limit the domains from which requests can be initiated. 2) Implement additional CSRF tokens or double-submit cookie patterns at the web application firewall (WAF) or reverse proxy level if possible. 3) Educate users about phishing and social engineering risks to reduce the likelihood of user interaction that triggers CSRF attacks. 4) Restrict access to ERPNext interfaces to trusted networks or VPNs to reduce exposure. 5) Monitor logs for unusual user deletion or password reset activities. 6) Segregate administrative accounts and enforce multi-factor authentication (MFA) to mitigate privilege escalation impact. Finally, maintain close communication with ERPNext developers and security advisories to apply official patches promptly once available.