WID-SEC-W-2025-1148
PUBLISHED
vBulletin Connect is software for online forums.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | | 5.0.0 |
| | | 6.0.0 |
Exploit Intelligence
- This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely. (github-poc-repo)
- Batch RCE scanner for vulnerable vBulletin instances using replaceAdTemplate exploit. (github-poc)
- This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely. (github-poc)
- Vbullettin RCE - CVE-2025-48827 (github-poc)
- Critical Unauthenticated API Access in vBulletin (github-poc)
- https://karmainsecurity.com/pocs/vBulletin-replaceAdTemplate-RCE.php (circl)
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1148.json (circl)
- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce (circl)
- https://nvd.nist.gov/vuln/detail/CVE-2025-48828 (circl)
- https://github.com/advisories/GHSA-23fp-mrfv-cwv4 (circl)
…and 3 more exploits
Timeline
- May 26, 2025 CVE Published
- Jun 1, 2025 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1148.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1148 advisory
- https://github.com/advisories/GHSA-23fp-mrfv-cwv4 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-48828 url
- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce url
- https://karmainsecurity.com/pocs/vBulletin-replaceAdTemplate-RCE.php url