PILOS Exposes PHP version_CVE-2025-62524

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0.

Basic Information

ID CVE-2025-62524

Source GitHub_M

Published Oct 27, 2025 at 20:18

Modified Oct 27, 2025 at 20:39

Affected Product

Vendor THM-Health

Product PILOS

Version < 4.8.0

Affected Versions THM-Health PILOS < 4.8.0

CWE Classification

CWE-200 CWE-497

References

{
    "lastseen": "",
    "description": "PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP\u2019s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0.",
    "published": "2025-10-27T20:18:42.366Z",
    "modified": "2025-10-27T20:39:26.086Z",
    "type": "cve",
    "title": "PILOS Exposes PHP version",
    "source": "GitHub_M",
    "references": "https://github.com/THM-Health/PILOS/security/advisories/GHSA-q93h-5j6h-j22x\nhttps://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8",
    "id": "CVE-2025-62524",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "THM-Health PILOS < 4.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PILOS",
    "version": "< 4.8.0",
    "vendor": "THM-Health",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}