Thvt0Ne

**Name of the Vulnerable Software and Affected Versions** ERPNEXT versions 14.74.3 through 14.82.1 **Description** A Cross-Site Request Forgery (CSRF) vulnerability was discovered, allowing an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections. **Recommendations** For ERPNEXT version 14.74.3, update to a version that includes CSRF protections to prevent unauthorized actions. For ERPNEXT version 14.82.1, update to a version that includes CSRF protections to prevent unauthorized actions. As a temporary workaround, consider implementing additional security measures to mitigate the risk of CSRF attacks until a patch is available.