Well not necessarily, for example when you want to edit the profile here on QAForums, it prompts you for your password as a security measure, but this is not always the case. You would only be able to access your profile from within your login. Hence once inside your login, editing the profile need not ask for password confirmation (Many of the systems work this way)
It depends when this thing happens that is not asking for the old password. Say if this is the case even when you are not already logged on then it is a serious flaw as anybody else with your username can change your password. But if this happens only after you have logged in then it may not be necessary. In some systems once you log in, it saves a cookie on your machine and checks for it runtime, if it finds one then it skips the confirmation stage and directly goes onto the next, editing profile in your case.
However it is always a good idea to confirm the authenticity.