CVE-2025-6341

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in School Fees Payment System 1.0 allows attackers to trick authenticated users into performing unintended actions, such as modifying payment records or user data. It affects all installations of this specific software version. The vulnerability requires user interaction but can be exploited remotely.

💻 Affected Systems

Products:
  • code-projects School Fees Payment System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could manipulate payment records, create fraudulent transactions, modify user permissions, or delete critical system data through authenticated user sessions.

🟠 Likely Case

Attackers create fraudulent payment entries, modify student fee records, or alter user account details through crafted malicious links or forms.

🟢 If Mitigated

With proper CSRF protections and user awareness, impact is limited to failed attack attempts with no data compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated user to visit a malicious page while logged into the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Consider implementing CSRF tokens manually or migrating to alternative software.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all

Add CSRF tokens to all forms and validate them server-side.

Manual code modification required: add anti-CSRF tokens to forms and tie them to the user's session for validation.

SameSite Cookie Attribute

Applies to: all

Set SameSite=Strict or Lax on session cookies.

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
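As an added illustration of the first workaround (not code from the School Fees Payment System or from code-projects), the following Python sketch shows the server-side checks a state-changing handler needs: a per-session token rendered into each form and verified in constant time, plus an Origin/Referer check against the site's own origin. The in-memory session store, ALLOWED_ORIGIN and the function names are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed stand-in for the application's real session backend.
SESSIONS: dict[str, dict] = {}

# Assumed deployment origin; a real deployment reads this from configuration.
ALLOWED_ORIGIN = "https://fees.example.edu"


def issue_csrf_token(session_id: str) -> str:
    """Create a random per-session token and remember it server-side.

    The token goes into each form as a hidden field. A page on another origin
    cannot read it, so a forged cross-site submission arrives without it.
    """
    token = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["csrf_token"] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Second layer: Origin (or, failing that, Referer) must match our origin.
    A request carrying neither header is rejected rather than trusted."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    got, want = urlparse(src), urlparse(ALLOWED_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def validate_state_change(session_id: str, method: str,
                          form: dict, headers: dict) -> tuple[bool, str]:
    """Return (allowed, reason). The reason doubles as a log message, matching
    the 'missing or invalid CSRF token' indicator in the detection section."""
    if method.upper() != "POST":
        return False, "state change via non-POST method"
    expected = SESSIONS.get(session_id, {}).get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False, "missing csrf token"
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "invalid csrf token"
    if not origin_allowed(headers):
        return False, "origin/referer mismatch"
    return True, "ok"
```

Every denied request should be logged with its reason; those log lines are exactly the indicators listed under Detection & Monitoring.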

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules that reject state-changing requests whose Origin/Referer does not match the site
  • Educate users not to follow suspicious links while authenticated, and enforce session timeouts

🔍 How to Verify

Check if Vulnerable:

Check whether forms lack CSRF tokens and whether the server accepts state-changing requests without validating the Origin/Referer header. Test with CSRF PoC tools such as Burp Suite.

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Verify all forms contain unique CSRF tokens that are validated server-side. Test with CSRF attack simulations.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed form submissions from the same IP
  • Unusual state-changing requests without referrer headers
  • Requests with missing or invalid CSRF tokens

Network Indicators:

  • HTTP requests with mismatched Origin/Referer headers
  • State-changing GET requests
  • Requests from unexpected domains to authenticated endpoints

SIEM Query:

web_requests WHERE (method = 'POST' AND (csrf_token IS NULL OR csrf_token INVALID)) OR (method = 'GET' AND path CONTAINS '/admin/' AND parameters CONTAINS 'action=')
