CVE-2025-70811
CSRF in phpBB 3.3.15 Admin Panel Enables Code Execution
Publication date: 2026-04-09
Last updated on: 2026-04-17
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpbb | phpbb | 3.3.15 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70811 is a Cross-Site Request Forgery (CSRF) vulnerability in phpBB 3.3.15 that affects the icon management module of the Admin Control Panel (ACP).
The module processes state-changing POST requests without a valid anti-CSRF token, so an attacker can cause an authenticated administrator's browser to submit administrative actions the administrator never intended.
Exploitation requires luring an administrator who has an active ACP session to an attacker-controlled page that automatically submits a hidden form to the module; the browser attaches the administrator's cookies, so the server processes the request as the administrator, for example modifying icon settings.
The weakness is classified under CWE-352: the application does not sufficiently verify that a request was intentionally issued by the user whose session it arrives with.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized administrative actions via Cross-Site Request Forgery in the phpBB Admin Control Panel, potentially leading to privilege abuse and account takeover scenarios.
While the vulnerability does not directly expose sensitive data (Confidentiality impact is None), unauthorized configuration changes and privilege abuse could indirectly affect compliance with standards like GDPR and HIPAA, which require protection of user data and secure administrative controls.
Failure to mitigate such vulnerabilities could be seen as insufficient security controls under these regulations, potentially leading to non-compliance if exploited to compromise user data or system integrity.
How can this vulnerability impact me?
This vulnerability allows unauthorized configuration changes and privilege abuse within phpBB by riding an administrator's authenticated session.
It can potentially lead to account takeover scenarios, since the forged requests are executed with the administrator's full ACP privileges.
Confidentiality and availability impact are rated None; integrity impact is rated Low, reflecting unauthorized configuration changes rather than data disclosure or denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the phpBB Admin Control Panel icon management module at `/adm/index.php?i=acp_icons` (`adm` is phpBB's default ACP directory), which processes state-changing POST requests without proper CSRF protection.
A forged request is sent by the administrator's own browser, so it carries a valid session cookie and the correct `sid`, and cannot be told apart by session alone. Detection relies on what the browser adds or omits on a cross-site POST: a missing or third-party `Referer`/`Origin` header, and the absence of the form token the ACP would normally include.
Start with the web server access logs. The default "combined" log format records the request line (including the query string) and the Referer, but not the POST body, so the token itself is not visible there. Use `grep -F` so the `?` is matched literally:
- grep -F 'POST /adm/index.php?i=acp_icons' /var/log/apache2/access.log
- grep -F 'POST /adm/index.php?i=acp_icons' /var/log/nginx/access.log
For live traffic, tcpdump or Wireshark can capture and filter POST requests to the path, but only for plaintext HTTP; on a TLS-only site, inspect at the reverse proxy or WAF that terminates TLS, or rely on the server logs above.
- tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -F 'POST /adm/index.php?i=acp_icons'
Flag POST requests to the endpoint whose Referer is absent ("-") or names a host other than the forum, and any that reach the module without a form token. A missing Referer alone is not conclusive (referrer policies can strip it), so treat it as a lead to correlate with the administrator's own activity and with unexpected icon changes visible in the ACP.
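The log review described above, as an added example that is not part of this advisory or of phpBB: a Python script that parses combined-format access log lines and flags POSTs to the `acp_icons` module whose Referer is missing or belongs to another host. The log lines are constructed samples, and the forum host `forum.example.org`, the lure host `evil.example.net` and the default `/adm/` path are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
# Line 1: legitimate ACP edit (same-site Referer).
# Line 2: same action, but the Referer is a third-party page (CSRF-style).
# Line 3: delete action with no Referer at all.
# Line 4: a GET, which is not a state-changing request and is ignored.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2026:09:12:01 +0000] "POST /adm/index.php?i=acp_icons&mode=icons&action=edit&sid=abc123 HTTP/1.1" 200 5120 "https://forum.example.org/adm/index.php?i=acp_icons&sid=abc123" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2026:09:13:44 +0000] "POST /adm/index.php?i=acp_icons&mode=icons&action=edit&sid=abc123 HTTP/1.1" 200 5120 "https://evil.example.net/lure.html" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2026:09:14:02 +0000] "POST /adm/index.php?i=acp_icons&mode=icons&action=delete&sid=abc123 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2026:09:15:10 +0000] "GET /adm/index.php?i=acp_icons&sid=abc123 HTTP/1.1" 200 7000 "https://forum.example.org/adm/index.php?sid=abc123" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

VULN_PATH = "/adm/index.php"   # default phpBB ACP location (assumption)
VULN_MODULE = "acp_icons"


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def targets_acp_icons(path):
    """True when the request line addresses the icon management module (i=acp_icons)."""
    parts = urlsplit(path)
    if parts.path != VULN_PATH:
        return False
    return parse_qs(parts.query).get("i", [None])[0] == VULN_MODULE


def classify(entry, site_host):
    """Verdict for one parsed entry; None when the entry is not a POST to the module."""
    if entry["method"] != "POST" or not targets_acp_icons(entry["path"]):
        return None
    referer = entry["referer"]
    if referer in ("", "-"):
        return "suspicious: no Referer"
    ref_host = urlsplit(referer).hostname
    if ref_host != site_host:
        return f"suspicious: cross-site Referer {ref_host}"
    return "ok: same-site Referer"


def scan(log_text, site_host):
    """Return (timestamp, client ip, path, verdict) for every suspicious POST."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry, site_host)
        if verdict and verdict.startswith("suspicious"):
            findings.append((entry["ts"], entry["ip"], entry["path"], verdict))
    return findings


if __name__ == "__main__":
    for ts, ip, path, verdict in scan(SAMPLE_LOG, "forum.example.org"):
        print(f"{ts} {ip} {verdict}: {path}")
```

Run it against a real log with `scan(open("/var/log/apache2/access.log").read(), "your.forum.host")`. The Referer check is only a triage signal: the forged request still carries the administrator's own cookies, so confirm each hit against what the administrator actually did and against the icon configuration in the ACP.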
What immediate steps should I take to mitigate this vulnerability?
The root-cause fix belongs in phpBB itself: the icon management module must apply CSRF protection to every state-changing POST. Until an upstream release includes it, the following measures reduce risk.
- Enforce per-session CSRF tokens and validate their integrity and expiry on all state-changing POST requests. phpBB's other forms already use its form-key helpers (`add_form_key()` / `check_form_key()`); the module-level fix is to apply the same check to the icon actions.
- Set session cookies with `SameSite=Lax` or `Strict` so the browser withholds them on cross-site POSTs. `Lax` still sends cookies on top-level GET navigations, so it only helps here because the vulnerable actions are POST.
- Validate the `Origin` header (falling back to `Referer`) on ACP POSTs and reject requests where it is missing or names a host other than the forum's own.
- Require re-authentication for sensitive actions within the Admin Control Panel.
Since no patched version is listed as of the advisory date, apply these as configuration or code changes. As an operational stop-gap, administrators should log out of the ACP when finished and avoid browsing untrusted sites in the same browser profile while an ACP session is active, which shrinks the window in which a forged request can succeed.
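The token and header checks listed above, as an added stand-alone example in Python; it is not phpBB's code (phpBB's own helpers are `add_form_key()` / `check_form_key()`), and the secret, TTL, form name and hostnames are assumptions. It issues a session-bound, time-limited HMAC form token, verifies it, and gates an ACP POST on both the token and a same-site `Origin`/`Referer`.

```python
import hashlib
import hmac
import os
import time
from urllib.parse import urlsplit

# Hypothetical server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = os.urandom(32)
TOKEN_TTL = 3600  # seconds a form token stays valid (assumed value)


def make_form_token(session_id, form_name, secret=SERVER_SECRET, now=None):
    """Issue 'issued:mac', where mac binds the session, the form and the issue time."""
    issued = int(now if now is not None else time.time())
    msg = f"{session_id}:{form_name}:{issued}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{issued}:{mac}"


def check_form_token(token, session_id, form_name, secret=SERVER_SECRET, now=None, ttl=TOKEN_TTL):
    """True only if the token was minted for this session and form and is not expired."""
    try:
        issued_str, mac = token.split(":", 1)
        issued = int(issued_str)
    except (ValueError, AttributeError):
        return False
    current = int(now if now is not None else time.time())
    if issued > current or current - issued > ttl:
        return False
    expected = hmac.new(
        secret, f"{session_id}:{form_name}:{issued}".encode(), hashlib.sha256
    ).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(expected, mac)


def origin_allowed(headers, site_host):
    """Same-site check: prefer Origin, fall back to Referer, fail closed if neither exists."""
    origin = headers.get("Origin")
    if origin:
        return urlsplit(origin).hostname == site_host
    referer = headers.get("Referer")
    if referer:
        return urlsplit(referer).hostname == site_host
    return False


def authorize_acp_post(headers, form, session_id, site_host, form_name="acp_icons", **token_kw):
    """Decision for a state-changing ACP POST: (allowed, reason)."""
    if not origin_allowed(headers, site_host):
        return False, "cross-site or missing Origin/Referer"
    if not check_form_token(form.get("form_token", ""), session_id, form_name, **token_kw):
        return False, "missing, foreign or expired form token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed walk-through: the legitimate form carries the token; a lure page cannot.
    session = "admin-session-1"
    token = make_form_token(session, "acp_icons")
    legit = {"Origin": "https://forum.example.org"}
    lure = {"Origin": "https://evil.example.net"}
    print(authorize_acp_post(legit, {"form_token": token}, session, "forum.example.org"))
    print(authorize_acp_post(lure, {"form_token": token}, session, "forum.example.org"))
    print(authorize_acp_post(legit, {}, session, "forum.example.org"))
```

The token is rendered into the form as a hidden field; because it is bound to the victim's session and the attacker's page never sees it, an auto-submitted cross-site form cannot supply a valid one even when the browser attaches the session cookie. The `Origin` check is an independent second layer, which matters when a referrer policy or a non-browser client leaves the token path as the only defence.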