CVE 8.8 HIGH

CVE-2025-48986_CVE-2025-48986

December 9, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.

AI Analysis

Authorization bypass vulnerability in Revive Adserver allowing attackers to change other users' email addresses and potentially take over their accounts.

Basic Information

ID CVE-2025-48986

Source hackerone

Published Nov 20, 2025 at 19:11

Modified Nov 20, 2025 at 21:38

Affected Product

Vendor Revive

Product Revive Adserver

Version 5.5.2, 6.0.1

Affected Versions Revive Revive Adserver 5
Revive Revive Adserver 6

CWE Classification

CWE-284

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Revive

Product Revive Adserver

Version 5.5.2, 6.0.1

References

hackerone.com /reports/3398283

{
    "lastseen": "",
    "description": "Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.",
    "published": "2025-11-20T19:11:36.449Z",
    "modified": "2025-11-20T21:38:49.611Z",
    "type": "cve",
    "title": "CVE-2025-48986",
    "source": "hackerone",
    "references": "https://hackerone.com/reports/3398283",
    "id": "CVE-2025-48986",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Revive Revive Adserver 5\nRevive Revive Adserver 6",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Revive Adserver",
    "version": "5.5.2, 6.0.1",
    "vendor": "Revive",
    "ai_description": "Authorization bypass vulnerability in Revive Adserver allowing attackers to change other users' email addresses and potentially take over their accounts.",
    "ai_severity": "High",
    "ai_vendor": "Revive",
    "ai_product": "Revive Adserver",
    "ai_version": "5.5.2, 6.0.1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply