
CVE-2025-60912: n/a

Score: 0 (no CVSS vector published)
Severity: Low
Tags: Vulnerability, CVE, cve-2025-60912
Published: Mon Dec 08 2025 (12/08/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an administrator has an active session.

AI-Powered Analysis

AI analysis last updated: 12/08/2025, 15:31:39 UTC

Technical Analysis

CVE-2025-60912 affects phpIPAM 1.7.3, an open-source IP address management application widely used for network administration. The flaw is a Cross-Site Request Forgery (CSRF) weakness in generate-mysql.php, the database export script under /app/admin/import-export/, which lets an administrator download a dump of the phpIPAM database. Because the script accepts a plain HTTP GET and does not bind the request to an anti-CSRF token, any page the administrator visits can make their browser issue that request: the browser attaches the phpIPAM session cookie automatically, so the server treats the forged request as a legitimate export. The attacker needs the victim to hold an active administrator session and to open a crafted URL, delivered for example in a phishing email or on a web page the attacker controls. No authentication bypass or privilege escalation is involved; the attack rides on the trust the server places in the administrator's session cookie.

Two caveats matter when rating this. First, the forged request originates in the administrator's browser, and the same-origin policy prevents the attacker's page from reading the response. The direct effect of the CSRF is therefore that the victim's browser downloads the dump and the server does the work of generating it; turning that into disclosure to the attacker requires an additional weakness or some way to reach the downloaded file, so the record's wording ("trigger large database dump downloads") should be read literally. Second, no CVSS score has been assigned. That reflects how new the record is and how little public detail exists, not an assessment of exploitability: no exploits in the wild were known at the time of writing, but a CSRF against a GET endpoint is typically nothing more than a link. No patch link is attached to the record, so a fix may not yet be publicly available and compensating controls are the immediate option. The risk the advisory identifies is exposure of the sensitive network information held in the phpIPAM database, which an attacker could use for reconnaissance or further attacks.
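To make the mechanics concrete, the following model is an added example written for this page; it is not phpIPAM code and the handlers are constructed stand-ins. It implements the browser's SameSite cookie-attachment rule and two server-side policies for the export script: one that behaves as the advisory describes (a cookie-bearing GET is enough) and a hardened one that requires POST, rejects cross-site initiators via the Sec-Fetch-Site header, and checks a per-session anti-CSRF token. The request shapes, the token, and the trusted hostname are assumptions; only the endpoint path comes from the record.

```python
import hmac
import secrets
from dataclasses import dataclass, field

EXPORT_PATH = "/app/admin/import-export/generate-mysql.php"


@dataclass
class Request:
    method: str
    path: str
    cross_site: bool            # issued from another origin, e.g. an attacker's page
    top_level: bool             # top-level navigation (link, redirect) vs subresource or fetch()
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def session_cookie_attached(samesite: str, req: Request) -> bool:
    """Browser rule for attaching a cookie with the given SameSite value.
    Strict: never on cross-site requests. Lax: only on cross-site top-level
    navigations with a safe method (GET/HEAD), which is exactly the shape of a
    link-based CSRF. None: always (the cookie must also be Secure)."""
    if not req.cross_site:
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return req.top_level and req.method in ("GET", "HEAD")
    return True


def export_as_described(req: Request, has_session: bool, _token: str) -> bool:
    """Server behaviour the advisory describes: any request to the export
    script that carries an administrator session triggers the dump."""
    return has_session and req.path == EXPORT_PATH


def export_hardened(req: Request, has_session: bool, session_token: str) -> bool:
    """Hardened handler (constructed for this example): POST only, refuse
    cross-site initiators via Fetch Metadata, and require a per-session
    anti-CSRF token compared in constant time."""
    if req.path != EXPORT_PATH or req.method != "POST":
        return False
    if req.headers.get("Sec-Fetch-Site", "same-origin") == "cross-site":
        return False
    if not hmac.compare_digest(req.form.get("csrf", ""), session_token):
        return False
    return has_session


def dump_generated(samesite: str, handler, req: Request, session_token: str) -> bool:
    """End to end: given the cookie policy and the server handler, does this
    request make the server generate a dump?"""
    return handler(req, session_cookie_attached(samesite, req), session_token)


def scenarios(session_token: str) -> dict:
    """Run three constructed requests through both handlers under each SameSite
    value. Keys are (samesite, handler, request); True means a dump is generated."""
    # The CSRF: the administrator's browser follows a link from the attacker's page.
    csrf_get = Request("GET", EXPORT_PATH, cross_site=True, top_level=True,
                       headers={"Sec-Fetch-Site": "cross-site"})
    # A legitimate export submitted from phpIPAM's own page with the session token.
    legit_post = Request("POST", EXPORT_PATH, cross_site=False, top_level=True,
                         headers={"Sec-Fetch-Site": "same-origin"},
                         form={"csrf": session_token})
    # A cross-site auto-submitted form guessing the token. Browsers set
    # Sec-Fetch-Site themselves; the attacker's page cannot override it.
    forged_post = Request("POST", EXPORT_PATH, cross_site=True, top_level=True,
                          headers={"Sec-Fetch-Site": "cross-site"},
                          form={"csrf": "guess"})
    handlers = (("described", export_as_described), ("hardened", export_hardened))
    requests = (("csrf_get", csrf_get), ("legit_post", legit_post), ("forged_post", forged_post))
    return {
        (samesite, hname, rname): dump_generated(samesite, handler, req, session_token)
        for samesite in ("None", "Lax", "Strict")
        for hname, handler in handlers
        for rname, req in requests
    }


if __name__ == "__main__":
    token = secrets.token_hex(16)
    for (samesite, hname, rname), hit in sorted(scenarios(token).items()):
        print(f"SameSite={samesite:<6} {hname:<9} {rname:<11} -> {'DUMP generated' if hit else 'blocked'}")
```

The table the script prints shows the two points that matter for this CVE: with the export reachable by GET, SameSite=Lax on the session cookie does not stop the forged top-level navigation (only Strict does), while the hardened handler blocks the forged GET and the forged POST under every cookie policy and still accepts the administrator's own submission.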

Potential Impact

For European organizations the impact is the potential exposure of sensitive network infrastructure data: IP address allocations, device inventories, subnet and VLAN layouts and other topology details that underpin operational security. That information shortens an attacker's reconnaissance and supports lateral movement and the targeting of other vulnerabilities. Organizations in telecommunications, finance, government and critical infrastructure that rely on phpIPAM for IP address management are the most exposed. Exploitation needs an administrator with a live session to open an attacker-supplied link, so environments with long-lived sessions, administrators who browse the web from the same browser profile they use to manage phpIPAM, or little phishing awareness are at higher risk. A single forged request yields a full dump rather than a fragment of data, and repeated forged requests also impose load on the server that generates each export. No exploits in the wild are known, but publication of the record lowers the bar for attackers to build one.

Mitigation Recommendations

1. Protect every state-changing or sensitive endpoint, the database export included, with an anti-CSRF token that is generated per session and validated on the server, and make the export reachable only via POST. This is a code-level fix: apply the vendor's patch as soon as one is published, or, on an unpatched 1.7.3, patch the export script locally to enforce both checks.
2. Harden the session cookie. Setting session.cookie_samesite = Strict in php.ini (PHP 7.3 and later) stops the browser from attaching the phpIPAM session to any cross-site request. Lax is not sufficient here: it still sends the cookie on top-level GET navigations, which is exactly what this CSRF uses. Strict means links into phpIPAM from other sites land without a session, which is acceptable for an administrative tool.
3. Restrict access to the /app/admin/import-export/ endpoint to trusted IP addresses or a VPN. Note that this limits who can reach the endpoint at all but does not by itself stop the CSRF, because the forged request comes from the administrator's own browser on a permitted network.
4. Enforce strict session management: short session timeouts, re-authentication for sensitive actions such as database exports, and the habit of logging out of phpIPAM rather than leaving the tab open.
5. Administer phpIPAM from a dedicated browser profile or jump host that is not used for general web browsing, so that no phpIPAM session exists in the browser that might open a malicious link.
6. Educate administrators about phishing and social engineering, since the attack depends on an administrator following an attacker-supplied link.
7. Monitor the web server logs for requests to generate-mysql.php whose Referer is not the phpIPAM origin, that carry Sec-Fetch-Site: cross-site, that arrive with no origin information at all (the attacker's page can strip the Referer), or that come in bursts or produce unusually large responses.
8. Consider network segmentation to isolate management interfaces from general user access.
9. Use a Web Application Firewall (WAF) to block requests to the export script that carry Sec-Fetch-Site: cross-site or a Referer from another origin. Do not rely on the Referer alone, since a referrer policy on the attacker's page can remove it; treat a missing Referer on this endpoint as suspicious rather than as a pass.
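The monitoring and WAF recommendations above can be tested against real logs with a small script like the following. It is an added example for this page, not part of phpIPAM or any vendor guidance, and the log lines it runs over are constructed. It assumes an Apache "combined" log format with one extra field appended, the Sec-Fetch-Site request header (recorded with %{Sec-Fetch-Site}i in a custom LogFormat, or $http_sec_fetch_site in nginx), and it assumes the phpIPAM hostname given in TRUSTED_HOSTS. The burst threshold and window are arbitrary tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

EXPORT_PATH = "/app/admin/import-export/generate-mysql.php"
TRUSTED_HOSTS = {"ipam.example.internal"}   # assumption: the hostname phpIPAM is served on
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 3                          # exports from one client inside the window

# Apache "combined" format with one appended field, %{Sec-Fetch-Site}i (assumed custom LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
    r'(?: "(?P<sfs>[^"]*)")?'
)

# Constructed sample log, not taken from any real system. Line 1 is a first-party
# export; lines 2 and 3 are forged from another origin; line 5 carries no origin
# information at all (a browser without Fetch Metadata, Referer stripped).
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Dec/2025:15:02:11 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 4182034 "https://ipam.example.internal/index.php?page=administration&section=import-export" "Mozilla/5.0" "same-origin"',
    '10.0.0.5 - - [08/Dec/2025:15:07:43 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 4182034 "https://attacker.example/" "Mozilla/5.0" "cross-site"',
    '10.0.0.5 - - [08/Dec/2025:15:07:45 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 4182034 "-" "Mozilla/5.0" "cross-site"',
    '10.0.0.9 - - [08/Dec/2025:15:09:00 +0000] "GET /app/dashboard/ HTTP/1.1" 200 5120 "https://ipam.example.internal/" "Mozilla/5.0" "same-origin"',
    '10.0.0.5 - - [08/Dec/2025:15:09:02 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 4182034 "-" "Mozilla/5.0" "-"',
]


def parse_line(line: str):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = urlsplit(rec["target"]).path
    return rec


def classify_export(rec: dict):
    """Severity and reason for one request to the export script, or None if the
    request is attributable to the phpIPAM origin itself."""
    referer = "" if rec["referer"] == "-" else rec["referer"]
    sfs = rec["sfs"] if rec["sfs"] and rec["sfs"] != "-" else ""
    if sfs == "cross-site":
        return ("high", "Sec-Fetch-Site=cross-site: export initiated by another origin")
    if referer:
        host = urlsplit(referer).hostname or ""
        if host not in TRUSTED_HOSTS:
            return ("high", f"Referer host {host!r} is not the phpIPAM origin")
    elif not sfs:
        # The attacker's page can strip the Referer (Referrer-Policy: no-referrer),
        # so an export with no origin information is worth a look, not a pass.
        return ("medium", "no Referer and no Fetch Metadata: initiator cannot be attributed")
    return None


def scan(lines):
    """Return findings as (line_no, client_ip, severity, reason) tuples."""
    findings = []
    export_times = defaultdict(list)
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None or rec["path"] != EXPORT_PATH:
            continue
        hit = classify_export(rec)
        if hit:
            findings.append((n, rec["ip"], *hit))
        # Burst check: flag the request that brings one client to the threshold.
        export_times[rec["ip"]].append(rec["ts"])
        recent = [t for t in export_times[rec["ip"]] if rec["ts"] - t <= BURST_WINDOW]
        if len(recent) == BURST_THRESHOLD:
            findings.append((n, rec["ip"], "medium",
                             f"{BURST_THRESHOLD} exports from one client within {BURST_WINDOW}"))
    return findings


if __name__ == "__main__":
    for line_no, ip, severity, reason in scan(SAMPLE_LOG):
        print(f"line {line_no} {ip} [{severity}] {reason}")
```

Only browsers that implement Fetch Metadata send Sec-Fetch-Site, which is why the script falls back to the Referer and treats a request with neither as medium rather than ignoring it; a WAF rule built on the same three conditions (cross-site Fetch Metadata, foreign Referer, no origin information on this one endpoint) blocks the forged request shape without touching the administrator's own exports.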


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: none
State: PUBLISHED

Threat ID: 6936ebea04c1ddb1a4e20861

Added to database: 12/8/2025, 3:16:58 PM

Last enriched: 12/8/2025, 3:31:39 PM

Last updated: 12/10/2025, 8:00:54 PM


