CVE-2025-47594: CWE-352 Cross-Site Request Forgery (CSRF) in DAEXT Soccer Live Scores

Medium
Tags: Vulnerability, CVE-2025-47594, CWE-352
Published: Wed May 07 2025 (05/07/2025, 14:20:24 UTC)
Source: CVE
Vendor/Project: DAEXT
Product: Soccer Live Scores

Description

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5.

AI-Powered Analysis

AI analysis last updated: 07/05/2025, 11:28:26 UTC

Technical Analysis

CVE-2025-47594 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the DAEXT Soccer Live Scores application, affecting versions up to 1.0.5. CSRF vulnerabilities occur when an attacker causes an authenticated user's browser to submit a request the user did not intend; the application accepts it because the browser automatically attaches the user's session cookies. In this case, the vulnerability allows an attacker to perform unauthorized actions on behalf of the user by leveraging the lack of proper anti-CSRF protections in the Soccer Live Scores application. The CVSS 3.1 base score of 4.3 indicates medium severity, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N showing that the attack can be performed remotely over the network without privileges, requires user interaction, and impacts integrity but not confidentiality or availability. The attacker needs no credentials of their own (PR:N), but the victim must hold an active session and must interact with a crafted malicious link or webpage (UI:R). No known exploits are currently in the wild, and no patches have been linked yet. The vulnerability is classified under CWE-352, the common web security weakness covering CSRF attacks. This vulnerability could allow attackers to manipulate data or settings within the Soccer Live Scores application, potentially altering scores or other information displayed to users and undermining the integrity of the application's data.

Potential Impact

For European organizations, particularly those involved in sports media, fan engagement platforms, or digital sports services using DAEXT Soccer Live Scores, this vulnerability could lead to unauthorized manipulation of live score data or user settings. This could damage the credibility of the service, lead to misinformation, and erode user trust. While the confidentiality and availability are not directly impacted, the integrity compromise could have reputational and operational consequences. Organizations relying on this software for real-time sports data display or betting-related services could face financial and legal risks if manipulated data influences user decisions or betting outcomes. Additionally, if the application is integrated into larger digital ecosystems, the CSRF vulnerability could serve as a pivot point for further attacks or social engineering campaigns targeting users.

Mitigation Recommendations

To mitigate this vulnerability, organizations should implement robust anti-CSRF protections such as synchronizer tokens (CSRF tokens) or double-submit cookies in the Soccer Live Scores application. Developers should ensure that all state-changing requests require a valid, unpredictable token that is verified server-side. Additionally, enforcing same-site cookie attributes (SameSite=Lax or Strict) can reduce the risk of CSRF, because the browser then withholds the session cookie from cross-site requests. Organizations should monitor for updates or patches from DAEXT and apply them promptly once available. In the interim, restricting the application's exposure by limiting access to trusted networks, or using web application firewalls (WAFs) with custom rules to detect and block suspicious CSRF-like requests, can reduce risk. User education to avoid clicking on suspicious links and employing Content Security Policy (CSP) headers to limit malicious content injection may also help reduce attack vectors.
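The checks recommended above, as an added illustration that is not DAEXT's code: a server-side synchronizer-token check, a stateless double-submit-cookie check, and a SameSite session cookie, exercised against a constructed legitimate request and a constructed cross-site forgery that lacks the token. The `Session` and `Request` classes, the `csrf_token` field name and the `csrf` cookie name are assumptions for the example.

```python
# Added example (not DAEXT code): server-side CSRF checks of the kind the
# mitigation section describes, run against constructed requests.
import hmac
import secrets
from dataclasses import dataclass, field

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")  # reads need no token; writes do


@dataclass
class Session:
    """Server-side session state; the synchronizer token lives here (assumed layout)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    form: dict
    cookies: dict


def session_cookie(session_id: str) -> str:
    # SameSite=Lax makes the browser withhold the session cookie from
    # cross-site POSTs, which is exactly what a CSRF page relies on.
    return f"sid={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def hidden_field(session: Session) -> str:
    # Synchronizer pattern: every state-changing form carries the session token.
    return f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'


def synchronizer_check(req: Request, session: Session) -> bool:
    """Accept a state-changing request only if it echoes the session's token."""
    if req.method.upper() in SAFE_METHODS:
        return True
    submitted = req.form.get("csrf_token", "")
    # compare_digest is constant-time, so response timing does not leak the token.
    return bool(submitted) and hmac.compare_digest(submitted, session.csrf_token)


def double_submit_check(req: Request) -> bool:
    """Stateless variant: the form value must match a cookie another origin cannot read."""
    if req.method.upper() in SAFE_METHODS:
        return True
    cookie_tok, form_tok = req.cookies.get("csrf", ""), req.form.get("csrf_token", "")
    return bool(cookie_tok) and hmac.compare_digest(form_tok, cookie_tok)


# Constructed inputs: the forged POST carries the victim's cookies (the browser
# adds them) but not the token, because the attacker's page never saw the form.
SESSION = Session(user="editor")
LEGIT = Request("POST", {"score": "2-1", "csrf_token": SESSION.csrf_token}, {"csrf": SESSION.csrf_token})
FORGED = Request("POST", {"score": "9-0"}, {"csrf": SESSION.csrf_token})
```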

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-05-07T10:44:15.222Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ac4522896dcbd926d

Added to database: 5/21/2025, 9:08:42 AM

Last enriched: 7/5/2025, 11:28:26 AM

Last updated: 8/14/2025, 11:35:14 PM
