CVE-2025-2621127.05.2025, 04:15Gibbon before 29.0.00 allows CSRF.CSRFEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST3.7 LOWNETWORKHIGHNONECVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NmitreCNA3.7 LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NCISA-ADPADP------Awaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 1%Common Weakness EnumerationCWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Referenceshttps://github.com/GibbonEdu/core/blob/be891ab97b058a933b68354559457c9e310c13b8/modules/Timetable%20Admin/tt_delete.php#L24https://github.com/GibbonEdu/core/releases/tag/v29.0.00