CVE-2025-60912
📋 TL;DR
phpIPAM v1.7.3 contains a CSRF vulnerability in the database export functionality that allows attackers to trigger unauthorized database dump downloads. Attackers can craft malicious HTTP GET requests that execute when an administrator with an active session visits a malicious page. This affects all phpIPAM installations running version 1.7.3 with administrators who access untrusted web content while logged in.
💻 Affected Systems
- phpIPAM
📦 What is this software?
phpIPAM, an open-source IP address management (IPAM) web application, by the phpIPAM project
⚠️ Risk & Real-World Impact
Worst Case
Attackers could exfiltrate the entire phpIPAM database containing sensitive network information, IP address data, and potentially credentials if stored insecurely.
Likely Case
Attackers trick administrators into downloading large database dumps, causing denial of service through resource exhaustion and potentially exposing sensitive network inventory data.
If Mitigated
With proper CSRF protections and administrator awareness, exploitation attempts fail and no data is compromised.
🎯 Exploit Status
Exploitation requires social engineering to trick an administrator; technical complexity is minimal once a malicious page is crafted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.7.4 or later
Vendor Advisory: https://github.com/phpipam/phpipam
Restart Required: No
Instructions:
1. Back up the current installation.
2. Download phpIPAM v1.7.4 or later from GitHub.
3. Replace the affected files.
4. Verify functionality.
🔧 Temporary Workarounds
Add CSRF Token Protection
All platforms: manually add CSRF token validation to the generate-mysql.php endpoint by editing /app/admin/import-export/generate-mysql.php so that it validates a CSRF token before producing a dump.
Restrict Access to Export Function
Linux: use the web server configuration to restrict access to the export endpoint.
Add a location block in nginx:
    location ~ /app/admin/import-export/ { deny all; }
Add a Directory block in Apache:
    <Directory /path/to/app/admin/import-export/>
        Require all denied
    </Directory>
Both blocks deny the endpoint to every client, administrators included, so legitimate web-based exports are unavailable until the patch is applied.
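The following is an added example of the CSRF-token workaround described above; it is not phpIPAM project code and not part of the original advisory. It assumes a helper file named csrf_guard.php (hypothetical), a session key named csrf_export_token (assumed), and a request parameter named csrf_token (assumed). It implements a synchronizer token: a random value stored in the server-side session and embedded in the page phpIPAM renders, which a page on another origin cannot read, so a forged request to generate-mysql.php cannot supply it.

```php
<?php
// Added example (not phpIPAM project code). Assumed file name:
//   app/admin/import-export/csrf_guard.php
// Synchronizer-token CSRF guard for the database export endpoint.

declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_export_token'; // assumed session key name

function csrf_session_start(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Return the session's export token, creating a fresh 256-bit one on first use.
function csrf_token(): string
{
    csrf_session_start();
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Constant-time comparison; empty or missing values are rejected outright so
// that an unset session token never "matches" an unset request parameter.
function csrf_token_is_valid(?string $submitted, ?string $expected): bool
{
    if ($submitted === null || $expected === null || $submitted === '' || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Hidden input to place inside the export form on the page that offers the export.
function csrf_hidden_field(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Gate: call this at the top of generate-mysql.php, before any dump is built
// or any headers are sent.
function csrf_require_valid_token(): void
{
    csrf_session_start();
    $expected = $_SESSION[CSRF_SESSION_KEY] ?? null;
    // Accept the token from a POST body (preferred) or, if the endpoint must
    // stay GET-driven, from the query string. Non-string values (e.g. an
    // array injected via csrf_token[]=) are treated as missing.
    $raw       = $_POST['csrf_token'] ?? $_GET['csrf_token'] ?? null;
    $submitted = is_string($raw) ? $raw : null;

    if (!csrf_token_is_valid($submitted, $expected)) {
        http_response_code(403);
        header('Content-Type: text/plain; charset=utf-8');
        echo "Forbidden: missing or invalid CSRF token for database export\n";
        exit;
    }
}

// Wiring (shown as comments):
// 1. First lines of generate-mysql.php:
//      require_once __DIR__ . '/csrf_guard.php';
//      csrf_require_valid_token();
// 2. On the export page, replace the bare GET link with a POST form whose body
//    contains echo csrf_hidden_field(); between the <form> tags, e.g.
//      <form method="post" action="generate-mysql.php"> ... </form>
```

Sending the token in a POST body rather than the query string keeps it out of Referer headers and access logs; the query-string fallback exists only so the workaround can be applied without changing the endpoint from GET. The SameSite cookie setting listed under "If You Can't Patch" complements this check but does not replace it, since older browsers and some cross-site navigations do not enforce it.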
🧯 If You Can't Patch
- Implement strict SameSite cookie policies for phpIPAM sessions
- Educate administrators to use separate browsers for administrative tasks and general browsing
🔍 How to Verify
Check if Vulnerable:
Check if running phpIPAM v1.7.3 and examine /app/admin/import-export/generate-mysql.php for CSRF protection
Check Version:
grep -r 'version' /path/to/phpipam/README.md or check phpIPAM web interface footer
Verify Fix Applied:
Verify version is v1.7.4+ and test that CSRF tokens are required for database export requests
📡 Detection & Monitoring
Log Indicators:
- Unusual large file downloads from /app/admin/import-export/generate-mysql.php
- Multiple GET requests to export endpoint from same IP
Network Indicators:
- Large outbound database dump files from phpIPAM server
- Unexpected database export traffic patterns
SIEM Query:
source="phpipam" AND (uri="/app/admin/import-export/generate-mysql.php" OR action="database_export") AND size>100MB
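The following is an added example of running the log indicators above over web server access logs; it is not phpIPAM project code and not part of the original advisory. It parses nginx "combined" format lines (constructed for this example), keeps the 100 MB threshold from the SIEM query, and adds two assumed parameters: a repeat limit of three export requests per client IP and a trusted phpIPAM origin of https://ipam.example.internal. It goes one step beyond the page's list by also flagging export requests whose Referer is a different origin, which is what a CSRF lure looks like from the server side.

```php
<?php
// Added example (not phpIPAM project code): scan nginx "combined" access logs
// for the export-endpoint indicators. All log lines below are constructed.

declare(strict_types=1);

const EXPORT_PATH    = '/app/admin/import-export/generate-mysql.php';
const LARGE_BYTES    = 100 * 1024 * 1024;               // 100MB, as in the SIEM query
const REPEAT_LIMIT   = 3;                               // assumed per-IP threshold
const TRUSTED_ORIGIN = 'https://ipam.example.internal'; // assumed phpIPAM origin

$sampleLog = <<<'LOG'
10.0.0.5 - admin [12/Mar/2025:10:01:02 +0000] "GET /app/admin/import-export/ HTTP/1.1" 200 5120 "https://ipam.example.internal/app/admin/" "Mozilla/5.0"
10.0.0.5 - admin [12/Mar/2025:10:01:10 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 180355072 "https://ipam.example.internal/app/admin/import-export/" "Mozilla/5.0"
10.0.0.5 - admin [12/Mar/2025:10:07:41 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 180355072 "https://attacker.example/lure.html" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2025:10:08:00 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2025:10:08:01 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2025:10:08:02 +0000] "GET /app/admin/import-export/generate-mysql.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
LOG;

// Parse one combined-format line into fields, or return null if it does not match.
function parse_combined_line(string $line): ?array
{
    $re = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-) "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'user'    => $m[2],
        'time'    => $m[3],
        'method'  => $m[4],
        'path'    => explode('?', $m[5], 2)[0], // drop any query string
        'status'  => (int) $m[6],
        'bytes'   => $m[7] === '-' ? 0 : (int) $m[7],
        'referer' => $m[8],
        'ua'      => $m[9],
    ];
}

// Return one finding per alert for the given log text.
function find_export_indicators(string $logText): array
{
    $findings = [];
    $perIp    = [];

    foreach (preg_split('/\R/', trim($logText)) as $line) {
        $e = parse_combined_line($line);
        if ($e === null || $e['path'] !== EXPORT_PATH) {
            continue;
        }

        // Indicator 1: unusually large download from the export endpoint.
        if ($e['bytes'] > LARGE_BYTES) {
            $findings[] = ['type' => 'large_download', 'ip' => $e['ip'],
                           'user' => $e['user'], 'time' => $e['time'], 'bytes' => $e['bytes']];
        }

        // Indicator 2 (beyond the page's list): Referer from another origin means
        // the request was initiated by a page outside phpIPAM. A missing Referer
        // ("-") is ambiguous, since referrer policies often strip it, and is not flagged.
        $prefix = TRUSTED_ORIGIN . '/';
        if ($e['referer'] !== '-' && strncmp($e['referer'], $prefix, strlen($prefix)) !== 0) {
            $findings[] = ['type' => 'cross_site_referer', 'ip' => $e['ip'],
                           'user' => $e['user'], 'time' => $e['time'], 'referer' => $e['referer']];
        }

        // Indicator 3: repeated export requests from the same client IP.
        $perIp[$e['ip']] = ($perIp[$e['ip']] ?? 0) + 1;
        if ($perIp[$e['ip']] === REPEAT_LIMIT) {
            $findings[] = ['type' => 'repeated_requests', 'ip' => $e['ip'], 'count' => REPEAT_LIMIT];
        }
    }
    return $findings;
}

foreach (find_export_indicators($sampleLog) as $finding) {
    echo json_encode($finding), PHP_EOL;
}
```

On the constructed sample this reports two large downloads for 10.0.0.5, a cross-site Referer on the second of them, and a repeated-request alert for 10.0.0.9. The user field matters for triage: a CSRF-triggered export is logged under the legitimate administrator's session, so pairing the large-download and cross-site-Referer findings is a stronger signal than either alone.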