CVE-2025-48827

Published May 27, 2025

Last updated 10 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48827 affects vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3. When the application runs on PHP 8.1 or later, unauthenticated users can invoke protected API controller methods, as demonstrated by the `/api.php?method=protectedMethod` pattern. The flaw arises from the misuse of PHP's Reflection API within vBulletin's API controller logic: in PHP 8.1 and later, `ReflectionMethod::invoke()` allows protected and private methods to be invoked, so internal methods that were never intended for external access become directly callable. The `vB_Api_Ad::replaceAdTemplate()` method can act as a remote code execution (RCE) vector because it allows advertisement templates to be created or modified, and malicious code can be injected into them.
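
The Reflection behaviour described above, shown as a weak dispatcher beside a hardened one. This is an added example, not vBulletin code or code from the original page; `DemoApi`, `dispatchWeak()` and `dispatchHardened()` are hypothetical names chosen for illustration.

```php
<?php
// Added illustration: DemoApi, dispatchWeak() and dispatchHardened() are
// hypothetical names, not vBulletin source code.
declare(strict_types=1);
final class DemoApi
{
    public function getInfo(): string
    {
        return 'public data';
    }
    // Internal helper that was never meant to be reachable from a request.
    protected function rebuildCache(): string
    {
        return 'internal action executed';
    }
}

// Weak pattern: relies on invoke() to enforce visibility. PHP < 8.1 threw a
// ReflectionException for non-public methods; PHP >= 8.1 invokes them.
function dispatchWeak(object $controller, string $method): string
{
    return (new ReflectionMethod($controller, $method))->invoke($controller);
}

// Hardened pattern: explicit allowlist plus an explicit visibility check.
function dispatchHardened(object $controller, string $method, array $allowed): string
{
    if (!in_array($method, $allowed, true) || !method_exists($controller, $method)) {
        throw new RuntimeException('unknown API method');
    }
    $ref = new ReflectionMethod($controller, $method);
    if (!$ref->isPublic()) {
        throw new RuntimeException('method is not public');
    }
    return $ref->invoke($controller);
}

$api = new DemoApi();
foreach (['getInfo', 'rebuildCache'] as $name) {
    foreach (['dispatchWeak', 'dispatchHardened'] as $dispatch) {
        try {
            $out = $dispatch($api, $name, ['getInfo']);
        } catch (ReflectionException | RuntimeException $e) {
            $out = 'rejected: ' . $e->getMessage();
        }
        echo "$dispatch($name) => $out", PHP_EOL;
    }
}
```

Running the same file under PHP 8.0 and PHP 8.1 shows why an upgrade of the interpreter alone changes what the weak dispatcher exposes, while the hardened one behaves identically on both.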

Description
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve@mitre.org
CWE-424

Social media

  1. 🚨CVE-2025-48827 and CVE-2025-48828: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 Remote Code Execution Vulnerabilities FOFA Link: https://t.co/qWSiRQJ33D FOFA Query: app="vBulletin" Results: 26,046 https://t.co/nClEDMSzFO Link: https://t.co/LIk5a7ZTxj Query: https:

    @DarkWebInformer

    4 Jun 2025

    7676 Impressions

    14 Retweets

    77 Likes

    28 Bookmarks

    2 Replies

    0 Quotes

  2. vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd) https://t.co/If70utZffE #SANS #Cybersecurity

    @PoseidonTPA

    3 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd) #CISO https://t.co/DIinCd1jpC

    @compuchris

    3 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. vBulletin Exploits (CVE-2025-48827, CVE-2025-48828) https://t.co/Vo0UulRUpu https://t.co/cQ4lI0nska

    @sans_isc

    3 Jun 2025

    1394 Impressions

    4 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Two critical vulnerabilities in vBulletin (CVE-2025-48827 and CVE-2025-48828) have been discovered, with active exploitation reported. These flaws allow remote code execution via template engine abuse, affecting versions 5.0.0 to 5.7.5 and 6.0.0 to 6. https://t.co/a6X3w4Dnws

    @securityRSS

    2 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. A critical vBulletin vulnerability (CVE-2025-48827, 48828) permits unauthenticated remote code execution. Exploited shortly after patch in April 2024, attack attempts detected since May 25. Stay vigilant. 🖥️ #BugAlert #CyberAlert #UK https://t.co/CKnx1dHynr

    @TweetThreatNews

    2 Jun 2025

    100 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 vBulletin forums are under attack! Two unauthenticated RCE bugs (CVE-2025-48827 & CVE-2025-48828) threaten any 5.x/6.x install on PHP 8.1+. Don’t wait until compromise—learn how to secure your community here: https://t.co/PMdKkR1oJL 🔒 #infosec https://t.co/YwDHuJ

    @BaseFortify

    2 Jun 2025

    77 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    1 Quote

  8. Two critical vulnerabilities in vBulletin (CVE-2025-48827 and CVE-2025-48828) expose thousands of forums, allowing unauthenticated attackers to gain Remote Code Execution. With a CVSS score of up to 10.0, exploiting these flaws enables attackers to seize full control of affect...

    @CybrPulse

    2 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 🚨 Critical vBulletin RCE exploits ACTIVE! 🚨 CVE-2025-48827/48828 allow unauthenticated attackers to run code remotely. Update to 6.0.4+, patch, and monitor `/ajax/api/ad/replaceAdTemplate`. Stay secure! 🛡️ #Cybersecurity #vBulletin #RCE https://t.co/d5QuoQYhNU

    @fernandokarl

    2 Jun 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. [Link roundup: security news and articles for May 31 to June 2] <Vulnerabilities> ・Hackers exploit critical flaws in the forum software vBulletin (CVE-2025-48827, CVE-2025-48828) https://t.co/S17x8oTc5d ・Ubuntu, RHEL, Fedora: Linu

    @MachinaRecord

    2 Jun 2025

    115 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Two critical vulnerabilities in vBulletin, CVE-2025-48827 and CVE-2025-48828, rated CVSS 10.0 and 9.0, impact versions 5.0.0-5.7.5 and 6.0.0-6.0.3 on PHP 8.1+. Many sites remain vulnerable despite past patches. #Security https://t.co/Siiw4vJqgv

    @Strivehawk

    1 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

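  12. Vulnerabilities in the bulletin-board software vBulletin are being exploited. CVE-2025-48827 has a CVSS score of 10 and manifests on PHP 8.1 and later. CVE-2025-48828 has a CVSS score of 9.0 and allows arbitrary PHP code execution through abuse of template conditionals. https://t.co/oSBG9LMl6P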

    @__kokumoto

    1 Jun 2025

    1096 Impressions

    0 Retweets

    10 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2025-48827 (CVSS:10.0, CRITICAL) is Awaiting Analysis. vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' ..https://t.co/8cE7jzctfp #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    1 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Two critical flaws threaten Linux and vBulletin: risk of RCE and data theft Vulnerabilities, Apport, core dump, CVE-2025-48827, CVE-2025-5054, PHP exploit, Linux, PHP Reflection, systemd-coredump, vBulletin https://t.co/Feyu3T2wmK https://t.co/tgLcakSONV

    @matricedigitale

    31 May 2025

    50 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. CVE-2025-48827: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.

    @cyber_advising

    30 May 2025

    1260 Impressions

    6 Retweets

    12 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  16. Hackers are actively exploiting critical vulnerabilities CVE-2025-48827 & CVE-2025-48828 in vBulletin, enabling remote code execution via template abuse. Affected versions should update to 6.1.1 ASAP. 🔓 #vBulletin #CyberAlert #UK https://t.co/3gpYXrQp2v

    @TweetThreatNews

    30 May 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. POC CVE-2025-48827 : Critical Unauthenticated API Access in vBulletin https://t.co/wU4qCtxAu5 https://t.co/sZyLhjW8Wl

    @d4rk_c0r3

    30 May 2025

    50 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. vBulletin sets off a worldwide leak festival every time a critical vulnerability comes out, so I wonder how many installs are already patched this time. CVE-2025-48827 CVE-2025-48828 Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE https:/

    @autumn_good_35

    30 May 2025

    432 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. GitHub - 0xgh057r3c0n/CVE-2025-48827: Critical Unauthenticated API Access in vBulletin - https://t.co/zWdzsDRndQ

    @piedpiper1616

    30 May 2025

    1477 Impressions

    13 Retweets

    34 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨Alert🚨CVE-2025-48827 : Critical Unauthenticated API Access in vBulletin 🔥PoC: https://t.co/ADRqJ3ToEY 🧐Deep Dive : https://t.co/aBnZeItzr4 📊 42.5K+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/Isu6ovFZCi 👇Query HUNTER :

    @HunterMapping

    28 May 2025

    2536 Impressions

    16 Retweets

    36 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 CVE-2025-48827 ⚠️🔴 CRITICAL (10) 🏢 vBulletin - vBulletin 🏗️ 5.0.0 🔗 https://t.co/Ai3ABffOu2 🔗 https://t.co/nfgWetrDNS #CyberCron #VulnAlert #InfoSec https://t.co/PzJGD1QMF9

    @cybercronai

    27 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. [CVE-2025-48827: CRITICAL] Cyber security alert: vBulletin versions 5.0.0 to 5.7.5 and 6.0.0 to 6.0.3 are vulnerable, enabling unauthenticated users to access protected API methods on PHP 8.1+.#cve,CVE-2025-48827,#cybersecurity https://t.co/Yjd2XZBv1e https://t.co/zxYhEvCH4N

    @CveFindCom

    27 May 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CVE-2025-48827 vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as d… https://t.co/U5hsda9dJb

    @CVEnew

    27 May 2025

    540 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes