CVE-2025-26211: 
Gibbon vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in Gibbon versions prior to 29.0.00. The vulnerability was assigned CVE-2025-26211 and was disclosed on May 27, 2025. This security issue affects the Gibbon educational platform core system (MITRE CVE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 3.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that while the vulnerability is network-accessible, it requires high attack complexity, no privileges, and no user interaction, resulting in low impact to integrity with no impact to confidentiality or availability (MITRE CVE).

The CSRF vulnerability could allow attackers to perform unauthorized actions on behalf of authenticated users. The impact is primarily limited to integrity, with no direct effect on system confidentiality or availability (NVD).

The vulnerability has been fixed in Gibbon version 29.0.00. Users are advised to upgrade to this version, which includes improved form security with CSRF and nonce token handling (Gibbon Release).

The security improvements were implemented following recommendations from security researcher Pablo Salinas (Pb3l1t0), who helped analyze and identify security improvements for Gibbon (Gibbon Release).