While I’m unsure whether or not this should be considered an actual vulnerability
A CSRF vulnerability should definitely be considered an actual vulnerability. In fact, it is rated 8. on the OWASP Top 10.
It might not be the most dangerous vulnerability to have, but it is definitely a vulnerability. It is good that it has been fixed.
