CVE-2018-25370: Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php
Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.
Security readout for executives and security teams
Plain-English summary
Admidio 3.3.5 is reported vulnerable to cross-site request forgery in role management. A successful attack could change user permissions, creating business risk if Admidio manages membership, staff, or administrative workflows. The source bundle does not show confirmed active exploitation or an official fixed version.
Executive priority
Treat as a moderate priority unless Admidio 3.3.5 is public-facing or used for privileged organizational workflows. In those cases, move quickly to verify exposure, monitor role changes, and follow vendor remediation guidance.
Technical view
The vulnerability is CWE-352 in roles_function.php due to improper origin checking. The advisory describes permission escalation through role-related request handling in Admidio 3.3.5. Evidence includes a public ExploitDB reference, but no KEV listing and no source in the bundle confirming exploitation in the wild.
Likely exposure
Exposure is limited to organizations running Admidio 3.3.5, especially internet-accessible instances with active user or role administration. The bundle does not identify other affected versions or CPEs, so version confirmation is essential.
Exploitation context
A public exploit reference exists, which raises validation urgency. However, KEV is false and the provided sources do not substantiate active exploitation. The bundle is unclear on exact attacker preconditions, so teams should validate behavior in a controlled environment only.
Researcher notes
The record names Admidio 3.3.5 only and cites CWE-352. The description and CVSS metadata may not fully align on attacker preconditions, so avoid assuming unauthenticated exploitation without additional evidence. Public exploit availability is documented, but active exploitation is not.
Mitigation direction
Inventory Admidio deployments and confirm whether version 3.3.5 is in use.
Check Admidio and advisory sources for fixed versions or official workaround guidance.
Restrict access to administrative role-management functions where feasible.
Review recent permission and role changes for unexpected privilege increases.
Prioritize upgrade or compensating controls for internet-facing instances.
Validation and detection
Confirm the running Admidio version from application files or administrative metadata.
Review whether roles_function.php is present and reachable in deployed instances.
Check web logs for unusual role-management requests or permission-change activity.
Audit current users for unexpected administrative or elevated permissions.
Track vendor and advisory pages for correction or remediation details.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-352: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-352 · source CWE mapping
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.