diff --git a/gems/clockwork_web/CVE-2023-25015.yml b/gems/clockwork_web/CVE-2023-25015.yml
new file mode 100644
index 0000000000..002e4e59fa
--- /dev/null
+++ b/gems/clockwork_web/CVE-2023-25015.yml
@@ -0,0 +1,14 @@
+---
+gem: clockwork_web
+cve: 2023-25015
+url: https://github.com/ankane/clockwork_web/issues/4
+title: CSRF Vulnerability with Rails < 5.2
+date: 2023-02-01
+description: |
+ Clockwork Web is vulnerable to cross-site request forgery (CSRF) with Rails < 5.2.
+
+ A CSRF attack works by getting an authorized user to visit a malicious website and
+ then performing requests on behalf of the user. In this instance, actions include
+ enabling and disabling jobs.
+patched_versions:
+- ">= 0.1.2"