CVE-2025-26211EUVD-2025-2772727.05.2025, 04:15Gibbon before 29.0.00 allows CSRF.CSRFEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary3.7 LOWNETWORKHIGHNONECVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NmitreCNA3.7 LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 12%Affected Products (NVD)VendorProductVersiongibbonedugibbon𝑥< 29.0.00𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Referenceshttps://github.com/GibbonEdu/core/blob/be891ab97b058a933b68354559457c9e310c13b8/modules/Timetable%20Admin/tt_delete.php#L24https://github.com/GibbonEdu/core/releases/tag/v29.0.00