CVE-2025-47594 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the DAEXT Soccer Live Scores application, affecting versions up to 1.0.5. CSRF vulnerabilities occur when an attacker tricks an authenticated user into submitting a malicious request to a web application without their consent, exploiting the user's active session. In this case, the vulnerability allows an attacker to perform unauthorized actions on behalf of the user by leveraging the lack of proper anti-CSRF protections in the Soccer Live Scores application. The CVSS 3.1 base score of 4.3 indicates a medium severity, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N showing that the attack can be performed remotely over the network without privileges, requires user interaction, and impacts integrity but not confidentiality or availability. The vulnerability does not require authentication, but it does require the victim to interact with a crafted malicious link or webpage. No known exploits are currently in the wild, and no patches have been linked yet. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. This vulnerability could allow attackers to manipulate data or settings within the Soccer Live Scores application, potentially altering scores or other information displayed to users, undermining the integrity of the application’s data.

For European organizations, particularly those involved in sports media, fan engagement platforms, or digital sports services using DAEXT Soccer Live Scores, this vulnerability could lead to unauthorized manipulation of live score data or user settings. This could damage the credibility of the service, lead to misinformation, and erode user trust. While the confidentiality and availability are not directly impacted, the integrity compromise could have reputational and operational consequences. Organizations relying on this software for real-time sports data display or betting-related services could face financial and legal risks if manipulated data influences user decisions or betting outcomes. Additionally, if the application is integrated into larger digital ecosystems, the CSRF vulnerability could serve as a pivot point for further attacks or social engineering campaigns targeting users.

To mitigate this vulnerability, organizations should implement robust anti-CSRF protections such as synchronizer tokens (CSRF tokens) or double-submit cookies in the Soccer Live Scores application. Developers should ensure that all state-changing requests require a valid, unpredictable token that is verified server-side. Additionally, enforcing same-site cookie attributes (SameSite=Lax or Strict) can reduce the risk of CSRF by restricting cross-origin requests. Organizations should monitor for updates or patches from DAEXT and apply them promptly once available. In the interim, restricting the application’s exposure by limiting access to trusted networks or using web application firewalls (WAFs) with custom rules to detect and block suspicious CSRF-like requests can reduce risk. User education to avoid clicking on suspicious links and employing Content Security Policy (CSP) headers to limit malicious content injection may also help reduce attack vectors.