Vulnerability-Lookup

CVE-2025-48827 (GCVE-0-2025-48827)

Vulnerability from cvelistv5 – Published: 2025-05-27 00:00 – Updated: 2025-05-27 18:03

KEVintel KEV

Summary

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-424 - Improper Protection of Alternate Path

Assigner

mitre

References

3 references

URL	Tags
https://karmainsecurity.com/dont-call-that-protec…
https://kevintel.com/CVE-2025-48827
https://blog.kevintel.com/vbulletin-replaceadtemp…	exploit

Impacted products

1 product

Vendor	Product	Version
vBulletin	vBulletin	Affected: 5.0.0 , ≤ 5.7.5 (custom) Affected: 6.0.0 , ≤ 6.0.3 (custom)

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 4c695edc-f33a-4625-8ea6-c11328201274

Vulnerability ID: CVE-2025-48827

Status: Confirmed

Status Updated: 2026-06-03 10:06 UTC

Exploited: Yes

Timestamps

First Seen: 2026-06-03

Asserted: 2026-06-03

Scope

Notes: KEVIntel entry: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP... | Affected: vBulletin / vBulletin | CVSS: 10.0 (CRITICAL) | EPSS: 0.69649 | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP...
Vendor	vBulletin
Product	vBulletin
Added Date	2026-06-03T10:06:54.268Z
Cvss Score	10.0
Epss Score	0.69649
Cvss Severity	CRITICAL
Epss Percentile	0.9928
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	True

References

Created: 2026-06-19 12:45 UTC | Updated: 2026-06-19 12:45 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48827",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:05:23.541754Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T18:03:31.961Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "vBulletin",
          "vendor": "vBulletin",
          "versions": [
            {
              "lessThanOrEqual": "5.7.5",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.3",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "5.7.5",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "6.0.3",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-424",
              "description": "CWE-424 Improper Protection of Alternate Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-27T12:48:14.571Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
        },
        {
          "url": "https://kevintel.com/CVE-2025-48827"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-48827",
    "datePublished": "2025-05-27T00:00:00.000Z",
    "dateReserved": "2025-05-27T00:00:00.000Z",
    "dateUpdated": "2025-05-27T18:03:31.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-48827",
      "date": "2026-06-19",
      "epss": "0.69649",
      "percentile": "0.9928"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48827\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-05-27T04:15:41.230\",\"lastModified\":\"2025-06-25T16:46:46.703\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.\"},{\"lang\":\"es\",\"value\":\"vBulletin 5.0.0 a 5.7.5 y 6.0.0 a 6.0.3 permite a usuarios no autenticados invocar m\u00e9todos de controladores de API protegidos cuando se ejecutan en PHP 8.1 o posterior, como lo demuestra el patr\u00f3n /api.php?method=protectedMethod.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-424\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.7.5\",\"matchCriteriaId\":\"115A7058-0E2E-4289-B7EC-CB803BB18886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.3\",\"matchCriteriaId\":\"26F33424-A1A0-4093-A576-8EAC1C0018AC\"}]}]}],\"references\":[{\"url\":\"https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://kevintel.com/CVE-2025-48827\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Broken Link\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48827\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-27T14:05:23.541754Z\"}}}], \"references\": [{\"url\": \"https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-27T14:05:18.654Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"vBulletin\", \"product\": \"vBulletin\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.7.5\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.0.3\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce\"}, {\"url\": \"https://kevintel.com/CVE-2025-48827\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-424\", \"description\": \"CWE-424 Improper Protection of Alternate Path\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"5.7.5\", \"versionStartIncluding\": \"5.0.0\"}, {\"criteria\": \"cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.0.3\", \"versionStartIncluding\": \"6.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-05-27T12:48:14.571Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48827\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-27T18:03:31.961Z\", \"dateReserved\": \"2025-05-27T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-05-27T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2025-06790

Vulnerability from fstec - Published: 23.05.2025

Title

Уязвимость коммерческого веб-форума vBulletin, связанная с неправильной защитой альтернативного пути, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость коммерческого веб-форума vBulletin связана с неправильной защитой альтернативного пути. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

vBulletin, PHP Group

Software Name

vBulletin, PHP

Software Version

от 5.0.0 до 5.7.5 включительно (vBulletin), от 6.0.0 до 6.0.3 включительно (vBulletin), 8.1 (PHP)

Possible Mitigations

Компенсирующие меры: - проверка динамического отражения методов на ограничение доступа; - использование верисии PHP 8.0 или ниже; - отключение Reflection API для API-маршрутов; - ограничение доступа к /ajax/api/ (использование.htaccess (Apache) или Nginx); - использование SIEM-систем для включения в правила корреляции индикаторов компрометации.

Reference

https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

CWE

CWE-424

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "vBulletin, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.0.0 \u0434\u043e 5.7.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (vBulletin), \u043e\u0442 6.0.0 \u0434\u043e 6.0.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (vBulletin), 8.1 (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043d\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0435\u0440\u0438\u0441\u0438\u0438 PHP 8.0 \u0438\u043b\u0438 \u043d\u0438\u0436\u0435;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 Reflection API \u0434\u043b\u044f API-\u043c\u0430\u0440\u0448\u0440\u0443\u0442\u043e\u0432;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a /ajax/api/ (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435.htaccess (Apache) \u0438\u043b\u0438 Nginx);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u043e\u0440\u0440\u0435\u043b\u044f\u0446\u0438\u0438 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.06.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-06790",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-48827",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "vBulletin, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0432\u0435\u0431-\u0444\u043e\u0440\u0443\u043c\u0430 vBulletin, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 (CWE-424)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0432\u0435\u0431-\u0444\u043e\u0440\u0443\u043c\u0430 vBulletin \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-424",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}

FKIE_CVE-2025-48827

Vulnerability from fkie_nvd - Published: 2025-05-27 04:15 - Updated: 2026-06-17 09:30

KEVintel KEV

Severity

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce	Exploit, Third Party Advisory
cve@mitre.org	https://kevintel.com/CVE-2025-48827	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/	Broken Link

Impacted products

	Vendor	Product	Version
	vbulletin	vbulletin	*
	vbulletin	vbulletin	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unknown",
          "product": "vBulletin",
          "vendor": "vBulletin",
          "versions": [
            {
              "lessThanOrEqual": "5.7.5",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.0.3",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "115A7058-0E2E-4289-B7EC-CB803BB18886",
              "versionEndIncluding": "5.7.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F33424-A1A0-4093-A576-8EAC1C0018AC",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025."
    },
    {
      "lang": "es",
      "value": "vBulletin 5.0.0 a 5.7.5 y 6.0.0 a 6.0.3 permite a usuarios no autenticados invocar m\u00e9todos de controladores de API protegidos cuando se ejecutan en PHP 8.1 o posterior, como lo demuestra el patr\u00f3n /api.php?method=protectedMethod."
    }
  ],
  "id": "CVE-2025-48827",
  "lastModified": "2026-06-17T09:30:23.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-48827",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-05-27T14:05:23.541754Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2025-05-27T04:15:41.230",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kevintel.com/CVE-2025-48827"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Broken Link"
      ],
      "url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-424"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}

GHSA-23FP-MRFV-CWV4

Vulnerability from github – Published: 2025-05-27 06:30 – Updated: 2025-05-27 18:30

Details

Severity

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-48827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-424"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-27T04:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern.",
  "id": "GHSA-23fp-mrfv-cwv4",
  "modified": "2025-05-27T18:30:49Z",
  "published": "2025-05-27T06:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48827"
    },
    {
      "type": "WEB",
      "url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev"
    },
    {
      "type": "WEB",
      "url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
    },
    {
      "type": "WEB",
      "url": "https://kevintel.com/CVE-2025-48827"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2025-1148

Vulnerability from csaf_certbund - Published: 2025-05-26 22:00 - Updated: 2025-06-01 22:00

Summary

vBulletin Connect: Mehrere Schwachstellen ermöglichen Codeausführung

Severity

Kritisch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: vBulletin Connect ist eine Software für Online-Foren.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vBulletin Connect ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2025-48827

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vBulletin Connect 6.0.0-6.0.3 vBulletin / Connect	`cpe:/a:vbulletin:connect:6.0.0_-_6.0.3`	6.0.0-6.0.3
vBulletin Connect 5.0.0-5.7.5 vBulletin / Connect	`cpe:/a:vbulletin:connect:5.0.0_-_5.7.5`	5.0.0-5.7.5

CVE-2025-48828

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vBulletin Connect 6.0.0-6.0.3 vBulletin / Connect	`cpe:/a:vbulletin:connect:6.0.0_-_6.0.3`	6.0.0-6.0.3
vBulletin Connect 5.0.0-5.7.5 vBulletin / Connect	`cpe:/a:vbulletin:connect:5.0.0_-_5.7.5`	5.0.0-5.7.5

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/advisories/GHSA-23fp-mrfv-cwv4	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48828	external
https://karmainsecurity.com/dont-call-that-protec…	external
https://karmainsecurity.com/pocs/vBulletin-replac…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "vBulletin Connect ist eine Software f\u00fcr Online-Foren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vBulletin Connect ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1148 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1148.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1148 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1148"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-05-26",
        "url": "https://github.com/advisories/GHSA-23fp-mrfv-cwv4"
      },
      {
        "category": "external",
        "summary": "CVE-2025-48828 Detail",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48828"
      },
      {
        "category": "external",
        "summary": "N-Day vBulletin RCE",
        "url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
      },
      {
        "category": "external",
        "summary": "Proof-of-Concept",
        "url": "https://karmainsecurity.com/pocs/vBulletin-replaceAdTemplate-RCE.php"
      }
    ],
    "source_lang": "en-US",
    "title": "vBulletin Connect: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-06-01T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-02T11:06:31.306+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1148",
      "initial_release_date": "2025-05-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.0.0-5.7.5",
                "product": {
                  "name": "vBulletin Connect 5.0.0-5.7.5",
                  "product_id": "T044150",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vbulletin:connect:5.0.0_-_5.7.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.0.0-6.0.3",
                "product": {
                  "name": "vBulletin Connect 6.0.0-6.0.3",
                  "product_id": "T044151",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vbulletin:connect:6.0.0_-_6.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Connect"
          }
        ],
        "category": "vendor",
        "name": "vBulletin"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48827",
      "product_status": {
        "known_affected": [
          "T044151",
          "T044150"
        ]
      },
      "release_date": "2025-05-26T22:00:00.000+00:00",
      "title": "CVE-2025-48827"
    },
    {
      "cve": "CVE-2025-48828",
      "product_status": {
        "known_affected": [
          "T044151",
          "T044150"
        ]
      },
      "release_date": "2025-05-26T22:00:00.000+00:00",
      "title": "CVE-2025-48828"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-48827 (GCVE-0-2025-48827)

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

BDU:2025-06790

FKIE_CVE-2025-48827

GHSA-23FP-MRFV-CWV4

WID-SEC-W-2025-1148

Tags

Sightings

Nomenclature