Vulnerability Details
Basic Information
| Title | CVE-2025-30158 NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service |
|---|---|
| Type | vulnrichment |
| Published | 2025-04-18T15:50:49 |
| Last Seen | 2025-04-18T16:23:08 |
| CVSS Score | 7.1 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | LOW |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-30158 |
|---|---|
| CWE | CWE-400 |
| Bulletin Family | cve |
Description
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe’s width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0.
Impact Assessment
| Base Score | 7.1 |
|---|---|
| Severity | HIGH |