CVE-2025-63712 identifies a Cross-Site Request Forgery vulnerability in the SourceCodester Product Expiry Management System, particularly within the User Management module's delete-user.php script. The vulnerability arises because the endpoint processes user deletion requests based solely on session cookies without implementing any CSRF protections such as anti-CSRF tokens or origin checks. Attackers can craft malicious GET requests that, when executed by an authenticated user’s browser, cause the system to delete arbitrary user accounts without the user’s consent or knowledge. This is facilitated by the use of GET requests for state-changing operations, which is against best security practices. The lack of CSRF defenses means that any authenticated user visiting a malicious website or clicking a crafted link could trigger user deletions. Although no specific affected versions are listed, the vulnerability is tied to the SourceCodester Product Expiry Management System, a PHP-based web application used for managing product expiry and user accounts. No patches or fixes are currently linked, and no exploits have been reported in the wild, indicating this is a newly disclosed vulnerability. The absence of a CVSS score requires an assessment based on the vulnerability’s characteristics: it impacts integrity and availability by allowing unauthorized user deletions, requires an authenticated session but no additional user interaction beyond visiting a malicious link, and affects all installations lacking CSRF protections. This vulnerability could be leveraged to disrupt administrative controls and user management, potentially leading to denial of service for legitimate users or privilege escalation if administrative accounts are targeted.

For European organizations using the SourceCodester Product Expiry Management System, this vulnerability could lead to unauthorized deletion of user accounts, including potentially administrative users. This compromises the integrity of user data and the availability of user management functions, potentially disrupting business operations reliant on this system. The attack requires the victim to be authenticated, so internal users or administrators are at risk if they visit malicious sites. The impact is particularly severe in environments where user accounts control access to critical business functions or sensitive data. Additionally, the lack of CSRF protections indicates a broader security oversight that may expose other parts of the application to similar attacks. Organizations may face operational downtime, increased administrative overhead to restore deleted accounts, and potential compliance issues if user data integrity is compromised. The threat could also be leveraged as part of a larger attack chain, facilitating privilege escalation or lateral movement within networks. Given the nature of the vulnerability, it could affect sectors with high reliance on web-based management systems, such as retail, manufacturing, and supply chain management across Europe.

To mitigate CVE-2025-63712, organizations should immediately implement anti-CSRF tokens in all state-changing requests, especially those that modify or delete user data. The delete-user.php endpoint should be refactored to use POST requests instead of GET for operations that alter server state, aligning with secure development best practices. Additionally, validating the HTTP Referer or Origin headers can provide an extra layer of protection against cross-origin requests. Session management should be reviewed to ensure that session cookies are marked as HttpOnly and Secure to reduce the risk of session hijacking. Organizations should conduct a thorough code review of the entire Product Expiry Management System to identify and remediate other potential CSRF vulnerabilities. If possible, update to a patched version once available or apply vendor-supplied fixes. User education is also important to reduce the risk of users clicking on malicious links. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block suspicious cross-origin requests targeting the vulnerable endpoint. Finally, monitoring and logging user deletion events can help detect exploitation attempts early.