CVE-2019-25313

Description

FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.

PUBLISHED Reserved 2026-02-11 | Published 2026-02-11 | Updated 2026-02-12 | Assigner VulnCheck

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Credits

Ismail Tasdelen finder

References

www.exploit-db.com/exploits/47986 (ExploitDB-47986) exploit

www.flexerasoftware.com/ (Flexera Software Homepage) product

www.flexerasoftware.com/...e/products/flexnet-licensing.html (FlexNet Licensing Product Page) product

www.vulncheck.com/...ss-site-request-forgery-add-local-admin (VulnCheck Advisory: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)) third-party-advisory

cve.org (CVE-2019-25313)

nvd.nist.gov (CVE-2019-25313)

Download JSON