CSRF Vulnerability in phpBB 3.3.15 Admin Control Panel (CVE-2025-70811)

Post by Admin »

CVE-2025-70811: CSRF Vulnerability in phpBB 3.3.15 Admin Control Panel

Overview

A recently published phpBB vulnerability is tracked as CVE-2025-70811. It affects phpBB 3.3.15 and is related to a Cross-Site Request Forgery (CSRF) issue in the Admin Control Panel icon management functionality.

According to the NVD entry, the vulnerability may allow a local attacker to execute unintended actions through the Admin Control Panel icon management feature.

---

What is CSRF?

CSRF stands for Cross-Site Request Forgery.

In simple terms, CSRF means that an attacker tricks an already logged-in user into sending an unwanted request to a web application.

For example:
  • An administrator is logged into phpBB
  • The administrator opens a malicious link or webpage
  • That page silently sends a request to the phpBB Admin Control Panel
  • The forum may process the request as if the administrator wanted to perform that action

This is why admin sessions, CSRF tokens, referrer checks and strict permissions a…
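
A server-side check that rejects the forged request in the scenario above, as an added example that is not part of the original post and is not phpBB's own code. The function names, the `icons` form name, the hosts and the 30-minute token lifetime are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: all names, hosts and the token lifetime are assumptions.
const TOKEN_TTL = 1800; // seconds a form token stays valid

// Bind the token to the admin's session secret, the form name and the issue time.
function issue_form_token(string $sessionSecret, string $form, int $now): string
{
    return $now . ':' . hash_hmac('sha256', $form . '|' . $now, $sessionSecret);
}

function verify_admin_post(array $post, array $server, string $sessionSecret,
                           string $form, string $boardHost, int $now): bool
{
    // 1. State-changing actions are accepted over POST only.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // 2. An Origin header, when the browser sends one, must name the board itself.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && parse_url($origin, PHP_URL_HOST) !== $boardHost) {
        return false;
    }
    // 3. The token must be a string of the form "<issued>:<mac>" and still fresh.
    $token = $post['form_token'] ?? '';
    if (!is_string($token)) {
        return false;
    }
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_TTL) {
        return false;
    }
    // 4. Recompute the MAC and compare in constant time.
    return hash_equals(issue_form_token($sessionSecret, $form, $issued), $token);
}

// Constructed sample requests.
$secret = bin2hex(random_bytes(16));
$now    = time();
$own    = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://forum.example'];
$cross  = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'];
$legit  = ['action' => 'delete', 'form_token' => issue_form_token($secret, 'icons', $now)];
$forged = ['action' => 'delete']; // a cross-site page cannot read the admin's token
var_dump(verify_admin_post($legit, $own, $secret, 'icons', 'forum.example', $now));
var_dump(verify_admin_post($forged, $cross, $secret, 'icons', 'forum.example', $now));
```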
