CVE-2025-15550 MEDIUM

CVE-2025-15550: birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL

Vendor Birkir
Product prime
Weakness CWE-352 · CSRF
Published January 29, 2026
Last update March 5, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query parameters.

Key dates

02Disclosure timeline

January 29, 2026 CVE published
March 5, 2026 Record updated