CVE-2025-60912

Name of the Vulnerable Software and Affected Versions phpIPAM version 1.7.3

Description The software contains a Cross-Site Request Forgery (CSRF) issue in the database export functionality. The generate-mysql.php function, located at the /app/admin/import-export/ API endpoint, can be exploited to trigger large database dump downloads through specially crafted HTTP GET requests when an administrator is logged in. The vulnerability allows remote attackers to perform actions on behalf of an authenticated administrator.

Recommendations Apply updates to address the issue in the affected version. As a temporary workaround, consider restricting access to the /app/admin/import-export/ endpoint.