CVE-2025-48827

May 28, 2025 invoker category_news

Security Update News

Update Information

Title CVE-2025-48827
Update ID CVE-2025-48827
Type cve
Published 2025-05-27T04:15:41
Last Updated 2025-05-27T18:15:31

Security Impact

CVSS Score 10.0
Severity CRITICAL
Attack Vector NETWORK

Affected CVEs

  • CVE-2025-48827

Update Details

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers’ methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.