The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
PUBLISHED5.2
Affected products
n/a - AFFECTED
References
etlsystems.com
https://www.etlsystems.com/
github.com
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-67013%20_%20ETL%20Systems%20Ltd%20DEXTRA%20Series%20_%20CSRF
GitHub Security Advisories
GHSA-4jf5-rmwc-7vww
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution...
https://github.com/advisories/GHSA-4jf5-rmwc-7vwwThe web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2025-67013
github.com
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-67013%20_%20ETL%20Systems%20Ltd%20DEXTRA%20Series%20_%20CSRF
etlsystems.com
https://www.etlsystems.com
github.com
https://github.com/advisories/GHSA-4jf5-rmwc-7vww
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-67013Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-67013",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-12-26T16:29:15.819Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"datePublished": "2025-12-26T00:00:00.000Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2025-12-26T15:11:36.358Z"
},
"descriptions": [
{
"lang": "en",
"value": "The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "n/a",
"type": "text"
}
]
}
],
"references": [
{
"url": "https://www.etlsystems.com/"
},
{
"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-67013%20_%20ETL%20Systems%20Ltd%20DEXTRA%20Series%20_%20CSRF"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-26T16:29:15.819Z"
},
"title": "CISA ADP Vulnrichment",
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352",
"type": "CWE"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
},
{}
]
}
]
}
}