Cross Site Request Forgery in Phpbb 3.3.15 by Phpbb
CVE-2025-70811

4.3MEDIUM

Key Information:

Vendor: Phpbb
Status: Phpbb
Vendor: CVE Published:; 9 April 2026

What is CVE-2025-70811?

A Cross Site Request Forgery (CSRF) vulnerability in Phpbb version 3.3.15 allows local attackers to exploit the Admin Control Panel's icon management. By leveraging this security weakness, malicious entities can execute arbitrary code, potentially leading to unauthorized administrative actions and compromising the integrity of the affected system.

References

https://github.com/ariefibis

https://www.linkedin.com/in/mohammed-a-6a2548112/

https://github.com/ariefibis/PHPBB/security/advisories/GH...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70811 Data

JSON