Refine your search
15 vulnerabilities found for by Revive
CVE-2025-52668 (GCVE-0-2025-52668)
Vulnerability from cvelistv5
Published
2025-11-20 19:11
Modified
2025-11-20 21:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52668",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:33:07.535626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:33:11.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3400506"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:11:36.482Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3400506"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52668",
"datePublished": "2025-11-20T19:11:36.482Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-20T21:33:11.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48986 (GCVE-0-2025-48986)
Vulnerability from cvelistv5
Published
2025-11-20 19:11
Modified
2025-11-20 21:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 5 ≤ 5.5.2 Version: 6 ≤ 6.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48986",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:38:45.725279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:38:49.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3398283"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users\u0027 email address and potentialy take over their accounts using the forgot password functionality."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:11:36.449Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3398283"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48986",
"datePublished": "2025-11-20T19:11:36.449Z",
"dateReserved": "2025-05-29T15:00:04.775Z",
"dateUpdated": "2025-11-20T21:38:49.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48987 (GCVE-0-2025-48987)
Vulnerability from cvelistv5
Published
2025-11-20 19:11
Modified
2025-11-20 21:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48987",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:39:43.502797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:39:46.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3399191"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:11:36.436Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3399191"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48987",
"datePublished": "2025-11-20T19:11:36.436Z",
"dateReserved": "2025-05-29T15:00:04.775Z",
"dateUpdated": "2025-11-20T21:39:46.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55123 (GCVE-0-2025-55123)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 21:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55123",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:40:43.687422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:40:47.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3404968"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.783Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3404968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-55123",
"datePublished": "2025-11-20T19:10:15.783Z",
"dateReserved": "2025-08-07T15:00:05.575Z",
"dateUpdated": "2025-11-20T21:40:47.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52671 (GCVE-0-2025-52671)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 21:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52671",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:41:33.086687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:41:36.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3403450"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.756Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3403450"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52671",
"datePublished": "2025-11-20T19:10:15.756Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-20T21:41:36.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52666 (GCVE-0-2025-52666)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 21:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6.0.1 ≤ 6.0.1 Version: 5.5.2 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52666",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:42:31.010532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:42:35.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3399218"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5.5.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.725Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3399218"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52666",
"datePublished": "2025-11-20T19:10:15.725Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-20T21:42:35.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52669 (GCVE-0-2025-52669)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 21:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52669",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:43:22.750442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:43:25.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3401464"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.642Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3401464"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52669",
"datePublished": "2025-11-20T19:10:15.642Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-20T21:43:25.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55124 (GCVE-0-2025-55124)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 21:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55124",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:44:31.549402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:44:35.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://hackerone.com/reports/3403727"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.617Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3403727"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-55124",
"datePublished": "2025-11-20T19:10:15.617Z",
"dateReserved": "2025-08-07T15:00:05.575Z",
"dateUpdated": "2025-11-20T21:44:35.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52670 (GCVE-0-2025-52670)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 21:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52670",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:01:32.830750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:01:42.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.391Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3401612"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52670",
"datePublished": "2025-11-20T19:10:15.391Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-20T21:01:42.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52667 (GCVE-0-2025-52667)
Vulnerability from cvelistv5
Published
2025-11-20 19:10
Modified
2025-11-20 20:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.1 Version: 5 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T20:56:09.888105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:56:25.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.2",
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.5.3",
"status": "unaffected",
"version": "5.5.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:10:15.360Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3399809"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52667",
"datePublished": "2025-11-20T19:10:15.360Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-20T20:56:25.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55126 (GCVE-0-2025-55126)
Vulnerability from cvelistv5
Published
2025-11-20 19:07
Modified
2025-11-20 20:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T20:57:24.846122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T20:57:50.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.2",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.3",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:07:42.392Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3411750"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-55126",
"datePublished": "2025-11-20T19:07:42.392Z",
"dateReserved": "2025-08-07T15:00:05.576Z",
"dateUpdated": "2025-11-20T20:57:50.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55127 (GCVE-0-2025-55127)
Vulnerability from cvelistv5
Published
2025-11-20 19:07
Modified
2025-11-20 21:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55127",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:19:19.157290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-156",
"description": "CWE-156 Improper Neutralization of Whitespace",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:19:26.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.2",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.3",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion."
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:07:15.245Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3413764"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-55127",
"datePublished": "2025-11-20T19:07:15.245Z",
"dateReserved": "2025-08-07T15:00:05.576Z",
"dateUpdated": "2025-11-20T21:19:26.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55128 (GCVE-0-2025-55128)
Vulnerability from cvelistv5
Published
2025-11-20 19:06
Modified
2025-11-20 21:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6 ≤ 6.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55128",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T21:00:53.702989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T21:01:05.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.2",
"status": "affected",
"version": "6",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.3",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource consumption vulnerability in the \u201cuserlog-index.php\u201d. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:06:52.867Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3413890"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-55128",
"datePublished": "2025-11-20T19:06:52.867Z",
"dateReserved": "2025-08-07T15:00:05.576Z",
"dateUpdated": "2025-11-20T21:01:05.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27208 (GCVE-0-2025-27208)
Vulnerability from cvelistv5
Published
2025-10-30 23:32
Modified
2025-11-03 17:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed.
The vulnerability is present in the admin-search.php file and can be exploited via the compact parameter.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 5.5.2 ≤ 5.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:48:53.803332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T14:49:14.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:32:21.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "5.5.2",
"versionType": "semver"
},
{
"lessThan": "6.0.0",
"status": "unaffected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim\u0027s browser. The session cookie cannot be accessed, but a number of other operations could be performed.\r\n\r\nThe vulnerability is present in the admin-search.php file and can be exploited via the compact parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:32:11.103Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3091390"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-27208",
"datePublished": "2025-10-30T23:32:11.103Z",
"dateReserved": "2025-02-20T01:00:01.798Z",
"dateUpdated": "2025-11-03T17:32:21.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52664 (GCVE-0-2025-52664)
Vulnerability from cvelistv5
Published
2025-10-30 23:29
Modified
2025-11-03 17:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 6.0.0 ≤ 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:47:20.779767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T14:47:34.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:56.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.1",
"status": "unaffected",
"version": "6.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/CR:X/IR:X/AR:X",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:29:22.906Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3395221"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-52664",
"datePublished": "2025-10-30T23:29:22.906Z",
"dateReserved": "2025-06-18T15:00:00.895Z",
"dateUpdated": "2025-11-03T17:44:56.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}