SunbirdEd-portal: Unauthorized actions can be performed by attackers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

SunbirdEd-portal: Unauthorized actions can be performed by attackers

CVE-2025-70031

Summary

A security issue was found in SunbirdEd-portal version 1.13.4. This could allow an attacker to trick users into performing actions without their permission. To protect your system, update to the latest version of SunbirdEd-portal.

Original title

An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Original description

An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://gist.github.com/zcxlighthouse/470214b2f6fb0c82caecb9f369159006
https://github.com/Sunbird-Ed
https://github.com/Sunbird-Ed/SunbirdEd-portal

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026