{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70810", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T16:35:39.523Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T14:24:30.432Z"}, "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ariefibis"}, {"url": "https://www.linkedin.com/in/mohammed-a-6a2548112/"}, {"url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "references": [{"url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:42:47.850337Z", "id": "CVE-2025-70810", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:35:39.523Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70810", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T14:42:47.850337Z"}}}], "references": [{"url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:43:21.172Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/ariefibis"}, {"url": "https://www.linkedin.com/in/mohammed-a-6a2548112/"}, {"url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30"}], "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T14:24:30.432Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70810", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:35:39.523Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpbb:phpbb:3.3.15:-:*:*:*:*:*:*", "matchCriteriaId": "0F92D845-DF72-48D5-9BF6-CD8E0736A08D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism"}], "id": "CVE-2025-70810", "lastModified": "2026-04-17T13:06:33.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T15:16:09.037", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/ariefibis"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://www.linkedin.com/in/mohammed-a-6a2548112/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/ariefibis/80e306765c23d6fac1584dbb76822e30"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.3.15"}}], "enrichment": {"confidence": 70.0, "confidence_source": "inferred", "scores": [{"score": 70.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "phpbb3", "vendor": "ariefibis"}], "analysis": {"en": {"generated_at": "2026-04-15T19:41:11.820719+00:00", "value": {"mitigation_remediation": ["Upgrade PhpBB phbb3 to a patched version that removes the CSRF flaw", "If an upgrade is not yet possible, restrict or disable the affected login endpoint or limit access to trusted IPs", "Add CSRF tokens or enforce token validation for all authenticated requests", "Ensure PHP session cookies are marked secure and HTTPOnly, and enforce strict origin checks", "Review the codebase and server logs for evidence of unauthorized code execution", "Monitor authentication events and apply intrusion detection alerts for anomalous requests"], "summary": {"action": "Immediate Patch", "impact": "Local Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of the PhpBB phbb3 forum software running version\u202f3.3.15. No other product variants or vendors are listed, so any deployment of that specific version is exposed.", "description_and_impact": "A Cross\u2011Site Request Forgery flaw exists in the login routine of PhpBB phbb3 version\u202f3.3.15. By submitting a crafted request that mimics a legitimate authentication attempt, an attacker can inject code that the PHP interpreter executes. The flaw maps to the misuse of request validation (CWE\u2011352). Successful exploitation results in arbitrary code execution with the privileges of the web server process, allowing complete compromise of the affected site.", "risk_and_exploitability": "The base CVSS score of 8.8 reflects a high severity level. An EPSS score below 1\u202f% indicates that exploitation is currently rare, and the issue has not appeared in the CISA Known Exploited Vulnerabilities catalog. An attacker who can send crafted requests from a local browsing session or a compromised account can trigger the login route and cause PHP to execute arbitrary code. The requirement for direct engagement with the authentication endpoint means the attack is limited to situations where the attacker can access the login form; however, because the flaw arises from a CSRF condition, it may be feasible from a previously compromised user browser or by using a victim\u2019s session cookie."}}}}, "created": "2026-04-10T08:54:06.114430+00:00", "title": "Cross\u2011Site Request Forgery in PhpBB phbb3 Login Enables Local Code Execution", "updated": "2026-04-15T19:45:12.727563+00:00", "vendors": ["ariefibis", "ariefibis$PRODUCT$phpbb3"]}