CVE-2025-15550
Unknown
Unknown - Not Provided
CSRF Vulnerability in birkir prime GraphQL Endpoint Enables Unauthorized Actions
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: VulnCheck
Description
Description
birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query parameters.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| birkir | prime | to 0.4.0.beta.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site request forgery (CSRF) in birkir prime versions up to 0.4.0.beta.0, specifically in its GraphQL endpoint. It allows attackers to craft malicious GET requests that manipulate GraphQL query parameters to trigger unauthorized actions against privileged users.
How can this vulnerability impact me? :
The vulnerability can allow attackers to perform unauthorized actions on behalf of privileged users by exploiting the GraphQL endpoint via crafted GET requests. This could lead to unintended operations being executed without the user's consent.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70