
CVE-2025-70027

Severity: High
Published: 11 March 2026
Modified: 02 April 2026
KEV added: not listed
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0005 (14.7th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-70027 is a high-severity SSRF (CWE-918) vulnerability in Sunbird Sunbirded-Portal. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 14.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-70027 is a Server-Side Request Forgery (SSRF) vulnerability, corresponding to CWE-918, discovered in Sunbird-Ed SunbirdEd-portal version 1.13.4. Published on 2026-03-11T15:16:21.507, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no effects on integrity or availability.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation allows attackers to obtain sensitive information hosted on internal systems or otherwise inaccessible resources via forged requests from the vulnerable server.

Mitigation details and further technical information are available in the referenced advisories, including https://gist.github.com/zcxlighthouse/6eac455e9094ae313a1c39c25d520b3d, https://github.com/Sunbird-Ed, and https://github.com/Sunbird-Ed/SunbirdEd-portal.


Vulnerability details

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information.

CWE(s): CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF in public-facing portal directly enables remote exploitation of the application to reach internal resources.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70031: same product (Sunbird Sunbirded-Portal)
CVE-2025-70028: same product (Sunbird Sunbirded-Portal)
CVE-2025-70030: same product (Sunbird Sunbirded-Portal)
CVE-2025-70029: same product (Sunbird Sunbirded-Portal)
CVE-2026-6514: shared CWE-918
CVE-2026-44116: shared CWE-918
CVE-2026-21887: shared CWE-918
CVE-2026-31910: shared CWE-918
CVE-2026-48153: shared CWE-918
CVE-2026-45298: shared CWE-918

Affected Assets

Vendor: sunbird
Product: sunbirded-portal
Version: 1.13.4

Mitigating Controls (NIST 800-53 r5)

Prevent (input validation): Directly validates user-supplied inputs used to construct server-side requests, preventing attackers from forging requests to internal or sensitive resources in this SSRF vulnerability.

Prevent (SC-7, Boundary Protection): Monitors and controls communications at system boundaries, blocking unauthorized outbound requests from the vulnerable portal to internal systems.

Prevent (AC-4, Information Flow Enforcement): Enforces information flow policies to restrict the vulnerable server's access to unauthorized internal destinations targeted by SSRF exploits.
