CVE-2025-5410

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in Mist Community Edition allows attackers to trick authenticated users into performing unintended actions by exploiting the session_start_response function. It affects all users running versions up to 4.7.1. Attackers can remotely initiate these attacks when users visit malicious websites while authenticated to Mist.

💻 Affected Systems

Products:
  • Mist Community Edition
Versions: Up to and including version 4.7.1
Operating Systems: All platforms running Mist CE
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform administrative actions on behalf of authenticated users, potentially modifying system configurations, creating new users, or altering access controls.

🟠 Likely Case

Attackers trick users into performing actions like changing their own settings, creating/modifying resources, or performing actions within their permission scope.

🟢 If Mitigated

With proper CSRF protections and user awareness, impact is limited to actions within the user's existing permissions, with audit trails for detection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires user interaction (visiting malicious site while authenticated) but is technically simple to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.2

Vendor Advisory: https://github.com/mistio/mist-ce/releases/tag/v4.7.2

Restart Required: Yes

Instructions:

1. Backup current installation and data.
2. Stop Mist CE service.
3. Update to version 4.7.2 via package manager or manual installation.
4. Restart Mist CE service.
5. Verify functionality.

🔧 Temporary Workarounds

Workaround 1: CSRF Token Implementation
  Platforms: all
  Description: Implement custom CSRF token validation in middleware
  Action: Modify src/mist/api/auth/middleware.py to add CSRF token validation

Workaround 2: SameSite Cookie Enforcement
  Platforms: all
  Description: Configure session cookies with SameSite=Strict attribute
  Action: Set session cookie attributes: SameSite=Strict; Secure; HttpOnly
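As an added illustration of the two workarounds above (this is not Mist's own code nor the 4.7.2 patch): a hypothetical WSGI middleware that rejects state-changing requests whose Origin (or Referer) does not name the deployment host, or whose X-CSRF-Token header does not match a token bound to the session cookie, together with the Set-Cookie attributes the second workaround asks for. The cookie name, header name and secret are assumptions.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})
# Constructed placeholder; a real deployment loads a per-instance secret from config.
CSRF_SECRET = b"example-secret-replace-me"
SESSION_COOKIE = "session"  # assumed cookie name, not necessarily Mist's

def csrf_token_for(session_id: str) -> str:
    """Derive the per-session token as HMAC(secret, session id). Binding it to the
    session means a token obtained from another session cannot be reused here."""
    return hmac.new(CSRF_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def session_cookie_header(session_id: str) -> tuple:
    """Set-Cookie header carrying the attributes named in the second workaround."""
    value = f"{SESSION_COOKIE}={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"
    return ("Set-Cookie", value)

def request_allowed(environ: dict, allowed_host: str) -> bool:
    """Decide whether a request passes the CSRF checks applied to unsafe methods."""
    if environ.get("REQUEST_METHOD", "GET").upper() in SAFE_METHODS:
        return True
    # Check 1: Origin (Referer as fallback) must name this deployment. A request
    # carrying neither header is rejected rather than trusted.
    source = environ.get("HTTP_ORIGIN") or environ.get("HTTP_REFERER") or ""
    if urlsplit(source).netloc.lower() != allowed_host.lower():
        return False
    # Check 2: the X-CSRF-Token header must match the token bound to the session cookie.
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    session_id = cookies[SESSION_COOKIE].value if SESSION_COOKIE in cookies else ""
    sent = environ.get("HTTP_X_CSRF_TOKEN", "")
    if not session_id or not sent:
        return False
    return hmac.compare_digest(sent, csrf_token_for(session_id))

class CsrfMiddleware:
    """WSGI wrapper: 403 on a failed check, otherwise pass through to the app."""
    def __init__(self, app, allowed_host: str):
        self.app, self.allowed_host = app, allowed_host

    def __call__(self, environ, start_response):
        if not request_allowed(environ, self.allowed_host):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"CSRF check failed\n"]
        return self.app(environ, start_response)
```

The Origin check alone already stops the cross-site POST described in the TL;DR; the token check covers clients and proxies that strip Origin and Referer.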

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Enforce strict referrer policies and educate users about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check Mist CE version via web interface or configuration files. Versions ≤4.7.1 are vulnerable.

Check Version:

Check web interface or run: grep 'version' /path/to/mist/config/files

Verify Fix Applied:

Verify version is 4.7.2 or higher and test CSRF protection with security testing tools.

📡 Detection & Monitoring

Log Indicators:

  • Unusual sequence of administrative actions from same user session
  • Requests missing expected CSRF tokens

Network Indicators:

  • HTTP requests with mismatched referrer headers
  • Suspicious cross-origin requests to Mist endpoints

SIEM Query:

source="mist-logs" AND (action="admin_operation" OR status="403") AND csrf_token="missing"
