Skip to main content

Gibbon CVE-2025-26211

LOW
Cross-Site Request Forgery (CSRF) (CWE-352)
2025-05-27 cve@mitre.org
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:44 vuln.today
CVE Published
May 27, 2025 - 04:15 nvd
LOW 3.7

DescriptionCVE.org

Gibbon before 29.0.00 allows CSRF.

AnalysisAI

Gibbon before 29.0.00 allows CSRF. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Affected products include: Gibbonedu Gibbon. Version information: before 29.0.00.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

More in Gibbon

View all
CVE-2024-24725 HIGH POC
8.8 Mar 23

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POS

CVE-2024-24724 CRITICAL POC
9.8 Apr 03

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re

CVE-2023-45878 CRITICAL POC
9.8 Nov 14

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not

CVE-2023-34598 CRITICAL POC
9.8 Jun 29

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files

CVE-2023-45880 HIGH POC
7.2 Nov 14

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. Rated high severity

CVE-2024-34831 MEDIUM POC
6.1 Sep 10

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the im

CVE-2023-45881 MEDIUM POC
6.1 Nov 14

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resu

CVE-2023-34599 MEDIUM POC
6.1 Jun 29

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to ex

CVE-2022-27311 CRITICAL
9.8 Apr 25

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. Rated critic

CVE-2023-45879 MEDIUM POC
5.4 Nov 14

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. Rated medium seve

CVE-2022-27305 HIGH
8.8 May 25

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to se

CVE-2024-51337 LOW POC
3.5 Nov 21

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain

Share

CVE-2025-26211 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy