CVE-2025-15550 | THREATINT

Description

birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query parameters.

PUBLISHED Reserved 2026-01-29 | Published 2026-01-29 | Updated 2026-01-30 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Default status

unaffected

Any version

affected

Credits

NinjaGPT finder

Beatriz Fresno Naumova finder

References

github.com/birkir/prime/issues/547 (GitHub Issue #547) issue-tracking

www.vulncheck.com/...a-cross-site-request-forgery-in-graphql (VulnCheck Advisory: birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL) third-party-advisory

cve.org (CVE-2025-15550)

nvd.nist.gov (CVE-2025-15550)

Download JSON