CSRF Vulnerability in phpBB 3.3.15 Admin Control Panel (CVE-2025-70811)
Posted: Wed Apr 29, 2026 12:37 am
CVE-2025-70811: CSRF Vulnerability in phpBB 3.3.15 Admin Control Panel
Overview
A recently published phpBB vulnerability is tracked as CVE-2025-70811. It affects phpBB 3.3.15 and is related to a Cross-Site Request Forgery (CSRF) issue in the Admin Control Panel icon management functionality.
According to the NVD entry, the vulnerability may allow a local attacker to execute unintended actions through the Admin Control Panel icon management feature.
---
What is CSRF?
CSRF stands for Cross-Site Request Forgery.
In simple terms, CSRF means that an attacker tricks an already logged-in user into sending an unwanted request to a web application.
For example:
- An administrator is logged into phpBB
- The administrator opens a malicious link or webpage
- That page silently sends a request to the phpBB Admin Control Panel
- The forum may process the request as if the administrator wanted to perform that action
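
The four steps above, modelled as an added example for defenders (this is not phpBB's code and is not taken from the NVD entry): one handler trusts the session alone, the other also requires a per-session form token that a page on another origin cannot read. All function names, the `delete_icon` action, the `icon_management` form name and the session layout are hypothetical.

```php
<?php
// Added example: stand-alone model of a state-changing admin handler.
// Every name below is hypothetical and the sample data is constructed.

// Derive a token from a per-session secret and the form it protects.
function issue_form_token(array $session, string $form): string
{
    return hash_hmac('sha256', $form, $session['csrf_secret']);
}

// Handler WITHOUT a token check: a valid admin session is sufficient.
function handle_unprotected(array $session, array $post): string
{
    if (empty($session['is_admin'])) {
        return 'denied: not an admin session';
    }
    return 'processed: ' . $post['action'];
}

// Handler WITH a token check: the request must also carry the token
// that was rendered into the genuine admin form.
function handle_protected(array $session, array $post, string $form): string
{
    if (empty($session['is_admin'])) {
        return 'denied: not an admin session';
    }
    $expected = issue_form_token($session, $form);
    $supplied = $post['form_token'] ?? '';
    // hash_equals() compares in constant time.
    if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 'rejected: missing or invalid form token';
    }
    return 'processed: ' . $post['action'];
}

// Constructed session for a logged-in administrator.
$session = ['is_admin' => true, 'csrf_secret' => bin2hex(random_bytes(32))];
$form = 'icon_management';

// Request submitted from the genuine admin form: token included.
$legit = ['action' => 'delete_icon', 'form_token' => issue_form_token($session, $form)];
// Request triggered by another site: the browser attaches the session
// cookie, but that site cannot read the token, so the field is absent.
$forged = ['action' => 'delete_icon'];

echo handle_unprotected($session, $forged), PHP_EOL;
echo handle_protected($session, $forged, $form), PHP_EOL;
echo handle_protected($session, $legit, $form), PHP_EOL;
```

The first call shows the behaviour described in the last list item: the action is processed because only the session was checked. The second and third show the same forged request rejected and the legitimate one accepted once the token is required.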