Delete Original Image, Cross-Site Request Forgery (CSRF), CVE-2025-28863 (Medium)

How the CVE Works:

CVE-2025-28863 is a Cross-Site Request Forgery (CSRF) vulnerability in the “Delete Original Image” functionality of the software developed by Carlos Minatti. It allows an attacker to trick an authenticated user into performing unintended actions, such as deleting images, without their consent. The root cause is insufficient validation of HTTP requests: the delete endpoint does not verify that a state-changing request was deliberately issued by the user, so a forged request from another site appears legitimate. When a user with administrative privileges visits a malicious website or clicks a crafted link, the browser attaches the user's session cookies and the request is executed in the context of that session, leading to unauthorized deletions. The vulnerability affects versions from n/a through 0.4 and has a CVSS 4.0 score indicating medium severity.

DailyCVE Form:

Platform: Delete Original Image
Version: 0.4 and earlier
Vulnerability: CSRF
Severity: Medium
Date: 03/11/2025

What Undercode Say:

Exploitation:

1. Crafting Malicious Requests: Attackers can create forged HTTP requests targeting the “Delete Original Image” endpoint.

Example:

<img src="http://target-site.com/delete-image?id=123" style="display:none;">

2. Social Engineering: Trick authenticated users into visiting malicious pages containing the forged request.
3. Session Riding: The victim's browser attaches their active session cookies, so the forged request runs with the victim's privileges and performs the unauthorized action.

Protection:

1. CSRF Tokens: Implement unique, per-session CSRF tokens, embed them in every state-changing form, and reject requests whose token does not match the session's.

Example (PHP):

session_start();
// generate a random, unguessable token once per session
$csrf_token = bin2hex(random_bytes(32));
$_SESSION['csrf_token'] = $csrf_token;
// embed the token in the form; the server compares it with $_SESSION['csrf_token'] on submit
echo '<input type="hidden" name="csrf_token" value="' . $csrf_token . '">';

2. SameSite Cookies: Set cookies with the `SameSite` attribute so the browser does not attach the session cookie to cross-site requests.

Example (PHP 7.3+ options array):

setcookie('session_id', $session_id, ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict']);

3. Request Validation: Accept state-changing actions only over POST with a valid token, and treat an `Origin` or `Referer` header that does not match the site as a reason to reject the request.
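The three protections above combined into one handler, as an added example that is not code from the plugin or from the original post. It assumes the delete endpoint lives at `/delete-image` and takes an integer `id` (both taken from the page's own example), that the site's origin is `https://example.com`, and that the hypothetical `delete_original_image()` function performs the actual deletion:

```php
<?php
// Added example: CSRF guard for a state-changing "delete image" action.
// Assumptions: endpoint path /delete-image, integer parameter "id",
// site origin https://example.com, and a hypothetical delete_original_image().
declare(strict_types=1);

// Issue the session cookie with SameSite=Strict before the session starts.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,     // only over HTTPS
    'httponly' => true,     // not readable from script
    'samesite' => 'Strict', // not sent on cross-site requests
]);
session_start();

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden field to embed in every form that changes state. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Accept the request only if it is a POST carrying the session's token
 * and, when the browser sends an Origin header, that origin is our own.
 */
function csrf_check(array $server, array $post, string $expected_origin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // an <img> tag can only produce a GET
    }
    $expected = $_SESSION['csrf_token'] ?? '';
    $sent     = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return false; // hash_equals: constant-time comparison
    }
    if (isset($server['HTTP_ORIGIN']) && $server['HTTP_ORIGIN'] !== $expected_origin) {
        return false; // cross-site origin
    }
    return true;
}

$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);

if ($path === '/delete-image') {
    if (!csrf_check($_SERVER, $_POST, 'https://example.com')) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad image id');
    }
    // delete_original_image($id); // hypothetical: the application's own deletion logic
    exit('Deleted image ' . $id);
}

// Form rendering: the token travels in the POST body, never in the URL.
echo '<form method="post" action="/delete-image">'
   . csrf_field()
   . '<input type="hidden" name="id" value="123">'
   . '<button type="submit">Delete original image</button></form>';
```

With this in place the forged `<img>` request from the exploitation section fails twice over: it is a GET, so the method check rejects it, and with `SameSite=Strict` the browser never attaches the session cookie in the first place, so there is no session token to match.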

Commands:

1. Check for Vulnerable Versions:

grep -r "Delete Original Image" /var/www/html/

2. Update Software:

composer update carlos-minatti/delete-original-image

3. Audit Logs for Suspicious Activity:

# match the path regardless of method: the forged <img> request above arrives as a GET, not a DELETE
tail -f /var/log/apache2/access.log | grep --line-buffered "/delete-image"
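A small scanner for the same audit, written in PHP to match the rest of the page, as an added example that is not part of the original post. It reads Apache combined-format lines, keeps only requests to `/delete-image`, and flags the two signs of a cross-site delete: the action arriving as a GET, and a `Referer` that is absent or points to another host. The log lines are constructed for the example and the site host `target-site.com` is taken from the page's own `<img>` example:

```php
<?php
// Added example: flag delete-image requests that look cross-site in an
// Apache combined-format access log. Sample lines below are constructed.
declare(strict_types=1);

const SITE_HOST = 'target-site.com'; // the site's own host name (assumed)

$sample_log = <<<'LOG'
203.0.113.5 - - [11/Mar/2025:10:01:02 +0000] "GET /admin/images HTTP/1.1" 200 512 "https://target-site.com/" "Mozilla/5.0"
203.0.113.5 - - [11/Mar/2025:10:02:10 +0000] "POST /delete-image HTTP/1.1" 200 88 "https://target-site.com/admin/images" "Mozilla/5.0"
203.0.113.5 - - [11/Mar/2025:10:03:44 +0000] "GET /delete-image?id=123 HTTP/1.1" 200 88 "https://evil.example/lure.html" "Mozilla/5.0"
203.0.113.5 - - [11/Mar/2025:10:04:01 +0000] "GET /delete-image?id=124 HTTP/1.1" 200 88 "-" "Mozilla/5.0"
LOG;

/** Parse one combined-format line into its fields, or return null if it does not match. */
function parse_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
    ];
}

/** Return delete-image requests that arrived via GET or with a missing/foreign Referer. */
function suspicious_deletes(string $log, string $site_host): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $r = parse_line($line);
        if ($r === null || strpos($r['path'], '/delete-image') !== 0) {
            continue;
        }
        $reasons = [];
        if ($r['method'] === 'GET') {
            $reasons[] = 'state change via GET';
        }
        $ref_host = $r['referer'] === '-' ? null : parse_url($r['referer'], PHP_URL_HOST);
        if ($ref_host === null) {
            $reasons[] = 'no Referer';
        } elseif (strcasecmp($ref_host, $site_host) !== 0) {
            $reasons[] = 'cross-site Referer ' . $ref_host;
        }
        if ($reasons !== []) {
            $hits[] = ['time' => $r['time'], 'ip' => $r['ip'], 'path' => $r['path'], 'reasons' => $reasons];
        }
    }
    return $hits;
}

// On the sample above this reports the third and fourth lines; the legitimate
// same-site POST on the second line is not flagged.
foreach (suspicious_deletes($sample_log, SITE_HOST) as $h) {
    printf("%s %s %s -> %s\n", $h['time'], $h['ip'], $h['path'], implode('; ', $h['reasons']));
}
```

To run it against a real log, replace `$sample_log` with `file_get_contents('/var/log/apache2/access.log')`. A missing `Referer` is only a weak signal on its own (privacy settings strip it), so it is reported alongside the method rather than treated as proof of an attack.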

Analytics:

1. Monitor CSRF Attempts: Use tools like ModSecurity to log and block CSRF attempts.
2. User Education: Train users to recognize phishing attempts and avoid clicking suspicious links.
3. Regular Patching: Ensure all software components are updated to the latest versions to mitigate known vulnerabilities.

By following these steps, organizations can effectively detect and defend against CVE-2025-28863, ensuring the security of their systems and data.

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-28863
Extra Source Hub:
Undercode
