CVE-2018-25370

Medium
CWE-352 — Weakness Type
Published: May 25, 2026  ·  Modified: May 28, 2026  ·  Source: NVD
CVSS v3
5.3
🔗 NVD Official
📄 Description (English)

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.

🤖 AI Executive Summary

CVE-2018-25370 is a cross-site request forgery (CSRF) vulnerability in Admidio 3.3.5 that enables low-privilege users to escalate their permissions by exploiting inadequate origin validation. Attackers can craft malicious HTML forms to manipulate role assignments and user approvals without proper authentication. While no patch is available and exploit code is not publicly disclosed, the vulnerability poses a moderate risk to organizations using this open-source group management system, particularly those managing member databases or administrative functions.

📄 Description (Arabic)

🤖 AI Intelligence Analysis
Analyzed: May 29, 2026 09:35
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using Admidio for member management, particularly government agencies, educational institutions, and non-profit organizations, face privilege escalation risks. Government entities (NCA oversight), universities managing student organizations, and professional associations are most vulnerable. The vulnerability could allow unauthorized role assignments, user approval manipulation, and administrative function abuse. Impact is limited to organizations actively deploying Admidio 3.3.5, but consequences include unauthorized access to sensitive administrative functions and potential data manipulation within member databases.
🏢 Affected Saudi Sectors
Government and Public Administration
Education and Universities
Non-Profit Organizations
Professional Associations
Community Organizations
Healthcare (if using Admidio for member management)
⚖️ Saudi Risk Score (AI)
5.8 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all instances of Admidio 3.3.5 in your environment and document their criticality
2. Restrict access to roles_function.php to authenticated users only via web application firewall (WAF) rules
3. Implement CSRF token validation at the application level if possible
4. Review user role assignments and audit logs for unauthorized privilege escalations

Compensating Controls:
1. Deploy WAF rules to block requests to roles_function.php with suspicious parameters (rol_assign_roles, rol_approve_users, rol_edit_user)
2. Implement SameSite cookie attributes (Strict or Lax) to mitigate CSRF attacks
3. Enforce multi-factor authentication for administrative accounts
4. Monitor and log all role assignment and user approval activities
5. Implement Content Security Policy (CSP) headers to prevent malicious form submissions
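
The application-level controls above (origin validation, a per-session CSRF token, and SameSite session cookies) can be illustrated with the following added example. It is not Admidio's code and does not reflect how roles_function.php is implemented; it assumes a generic request handler that receives the HTTP headers and form fields as dicts, keeps the current session's token server-side, and uses the constructed origin https://members.example.org as the only trusted origin.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Origin(s) from which role-change forms are legitimately submitted.
# Constructed example value; replace with the real deployment's origin.
TRUSTED_ORIGINS = {"https://members.example.org"}


def generate_csrf_token() -> str:
    """Mint a per-session synchronizer token; embed it as a hidden form field."""
    return secrets.token_urlsafe(32)


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Derive scheme://host of the submitter from Origin, else from Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin.strip().rstrip("/").lower()
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer.strip())
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def csrf_check(headers: Dict[str, str], form: Dict[str, str],
               session_token: str, trusted=TRUSTED_ORIGINS) -> Tuple[bool, str]:
    """Decide whether a state-changing POST may proceed.

    Both checks must pass, and the function fails closed: a request whose
    origin cannot be established is refused rather than assumed local.
    """
    origin = request_origin(headers)
    if origin is None:
        return False, "no Origin or Referer header"
    if origin not in {t.rstrip("/").lower() for t in trusted}:
        return False, f"untrusted origin {origin}"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not submitted or not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "missing or mismatched csrf_token"
    return True, "ok"


def session_cookie_header(name: str, value: str, samesite: str = "Strict") -> str:
    """Build a Set-Cookie value; SameSite keeps the browser from attaching the
    session cookie to a POST launched from another site."""
    if samesite not in ("Strict", "Lax"):
        raise ValueError("SameSite must be Strict or Lax")
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite={samesite}"


if __name__ == "__main__":
    token = generate_csrf_token()
    # Constructed request: a form auto-submitted from a third-party page.
    forged_headers = {"Origin": "https://attacker.example"}
    forged_form = {"rol_assign_roles": "1", "rol_approve_users": "1", "rol_edit_user": "1"}
    print(csrf_check(forged_headers, forged_form, token))
    # Constructed request: the site's own form carrying the session token.
    good_headers = {"Origin": "https://members.example.org"}
    good_form = dict(forged_form, csrf_token=token)
    print(csrf_check(good_headers, good_form, token))
    print(session_cookie_header("SESSION", "opaque-session-id"))
```

The two checks are deliberately independent: the SameSite cookie and the origin check stop the browser-driven cross-site submission, while the synchronizer token still protects deployments where older browsers ignore SameSite or a proxy strips the Origin header. A request with neither Origin nor Referer is refused rather than accepted, which is the safe default for a state-changing endpoint.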

Detection Rules:
1. Alert on POST requests to roles_function.php with parameters: rol_assign_roles=1, rol_approve_users=1, or rol_edit_user=1
2. Monitor for privilege escalation events where low-privilege users gain administrative roles
3. Track cross-origin requests to roles_function.php
4. Alert on multiple failed authentication attempts followed by successful role modifications
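
Detection rules 1 and 3 above, run over request records, as an added example that is not part of the original advisory. It assumes a reverse proxy or WAF that writes one JSON object per request including the submitted form fields (the sample records are constructed; the field names ts, src, user, method, path, referer and form are this example's own), and that the site is served from the constructed host members.example.org.

```python
import json
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

TARGET_SCRIPT = "roles_function.php"
PRIVILEGE_PARAMS = ("rol_assign_roles", "rol_approve_users", "rol_edit_user")


def analyse_request(rec: Dict, site_host: str) -> Dict:
    """Apply the detection rules to one request record.

    Returns {} when nothing fires; otherwise a dict with the triggered
    rules and a severity derived from their combination.
    """
    if rec.get("method") != "POST":
        return {}
    if urlsplit(rec.get("path", "")).path.rsplit("/", 1)[-1] != TARGET_SCRIPT:
        return {}
    rules = []
    form = rec.get("form") or {}
    # Rule 1: any of the privilege-granting parameters set to 1.
    escalated = [p for p in PRIVILEGE_PARAMS if str(form.get(p, "")) == "1"]
    if escalated:
        rules.append(f"privilege_params:{','.join(escalated)}")
    # Rule 3: the submitting page lives on a different host than the site.
    ref_host = urlsplit(rec.get("referer") or "").netloc.lower()
    cross_origin = bool(ref_host) and ref_host != site_host.lower()
    if cross_origin:
        rules.append(f"cross_origin_referer:{ref_host}")
    if not rules:
        return {}
    if escalated and cross_origin:
        severity = "high"      # the CSRF pattern itself
    elif escalated:
        severity = "medium"    # legitimate admins also trip this; review, don't block
    else:
        severity = "low"
    return {"ts": rec.get("ts"), "src": rec.get("src"), "user": rec.get("user"),
            "severity": severity, "rules": rules}


def scan(lines: Iterable[str], site_host: str) -> List[Dict]:
    """Run analyse_request over JSON-lines records, skipping blank or malformed lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        hit = analyse_request(rec, site_host)
        if hit:
            alerts.append(hit)
    return alerts


# Constructed sample records, as a proxy or WAF that logs form fields might emit.
SAMPLE_LOG = """
{"ts": "2026-05-29T09:01:02Z", "src": "203.0.113.10", "user": "alice", "method": "GET", "path": "/index.php", "referer": "https://members.example.org/index.php", "form": {}}
{"ts": "2026-05-29T09:02:15Z", "src": "203.0.113.10", "user": "alice", "method": "POST", "path": "/roles_function.php", "referer": "https://members.example.org/index.php", "form": {"rol_name": "Photo group", "rol_assign_roles": "0"}}
{"ts": "2026-05-29T09:05:40Z", "src": "198.51.100.7", "user": "bob", "method": "POST", "path": "/roles_function.php", "referer": "https://attacker.example/free-tickets.html", "form": {"rol_assign_roles": "1", "rol_approve_users": "1", "rol_edit_user": "1"}}
{"ts": "2026-05-29T09:07:00Z", "src": "203.0.113.44", "user": "admin", "method": "POST", "path": "/roles_function.php", "referer": "https://members.example.org/index.php", "form": {"rol_edit_user": "1"}}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines(), "members.example.org"):
        print(json.dumps(alert))
```

The severity split matters in practice: administrators legitimately submit these parameters from the site's own pages, so rule 1 alone should feed a review queue, while rule 1 combined with a foreign Referer is the CSRF pattern itself and merits paging. A missing Referer is not treated as cross-origin here, so records from privacy-stripping proxies do not flood the queue; pair this with the origin check at the application layer, which does fail closed.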

Long-term:
1. Upgrade to Admidio 4.x or later versions when available
2. Consider migrating to actively maintained alternatives if Admidio 3.3.5 support has ended
🔧 Remediation Steps (Arabic, translated)
Immediate Actions:
1. Identify all Admidio 3.3.5 instances in your environment and document their importance
2. Restrict access to roles_function.php to authorized users only via web application firewall (WAF) rules
3. Apply CSRF token validation at the application level if possible
4. Review user role assignments and audit logs for unauthorized escalations

Compensating Controls:
1. Deploy WAF rules to block requests to roles_function.php with suspicious parameters
2. Apply SameSite cookie attributes (Strict or Lax) to mitigate CSRF attacks
3. Enforce multi-factor authentication for administrative accounts
4. Monitor and log all role assignment and user approval activities
5. Apply Content Security Policy (CSP) headers to prevent malicious form submissions

Detection Rules:
1. Alerts on POST requests to roles_function.php with specific parameters
2. Monitoring of privilege escalation events where low-privilege users acquire administrative roles
3. Tracking of cross-origin requests to roles_function.php
4. Alerts on multiple failed authentication attempts followed by successful role modifications

Long-term:
1. Upgrade to Admidio 4.x or later versions when available
2. Consider migrating to actively maintained alternatives
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights management
A.6.2.2 - Privilege management
A.7.2.1 - Input validation
A.7.2.2 - Malicious code protection
A.8.2.1 - Event logging
A.8.2.2 - Protection of log information
🔵 SAMA CSF
ID.AM-1 - Asset Management
PR.AC-1 - Access Control Policy
PR.AC-3 - Access Enforcement
PR.AC-4 - Access Rights Management
DE.CM-1 - Detection and Analysis
DE.AE-1 - Anomalies and Events
🟡 ISO 27001:2022
A.5.1.1 - Policies for information security
A.6.1.1 - Information security roles and responsibilities
A.6.2.1 - Information security responsibilities
A.6.2.2 - Information security awareness, education and training
A.7.1.1 - Cryptography policy
A.8.1.1 - User endpoint devices
A.8.2.1 - User access management
A.8.2.2 - Privileged access rights
A.8.3.1 - Password management
A.8.3.2 - Privileged access rights management
📊 CVSS Score
5.3 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: N — None
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: N — None
Integrity: L — Low
Availability: N — None
📋 Quick Facts
Severity: Medium
CVSS Score: 5.3
CWE: CWE-352
EPSS: 0.02%
Exploit: No
Patch: No
Published: 2026-05-25
Source Feed: nvd
🇸🇦 Saudi Risk Score
5.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-352