CVE-2025-31118

Published Apr 18, 2025

Last updated a month ago

CVSS high 7.1

Overview

Description: NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Severity: HIGH

Weaknesses

security-advisories@github.com: CWE-400
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

🚨 CVE-2025-31118 🔴 HIGH (7.1) 🏢 NamelessMC - Nameless 🏗️ < 2.2.0 🔗 https://t.co/41osdI9Bs5 🔗 https://t.co/XubNCRKXHQ 🔗 https://t.co/ayi8BlFVQJ #CyberCron #VulnAlert #InfoSec https://t.co/WD2WupDL97
@cybercronai
19 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A429B30-0D89-49F2-BAE4-61911F252441",
            "versionEndExcluding": "2.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References