Cross Site Request Forgery in Phpbb Product by Phpbb
CVE-2025-70810

8.8HIGH

Key Information:

Vendor: Phpbb
Status: Phpbb
Vendor: CVE Published:; 9 April 2026

What is CVE-2025-70810?

A Cross Site Request Forgery (CSRF) vulnerability has been identified in Phpbb version 3.3.15, allowing local attackers to exploit the login function and authentication mechanism. This weakness can potentially enable attackers to execute arbitrary code, thereby compromising the integrity and security of the affected system. It is crucial for users and administrators to take proactive measures to secure their installations against such vulnerabilities.

References

https://github.com/ariefibis

https://www.linkedin.com/in/mohammed-a-6a2548112/

https://gist.github.com/ariefibis/80e306765c23d6fac1584db...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70810 Data

JSON