AI description
CVE-2025-48828 is a vulnerability affecting vBulletin, a forum software package. It allows attackers to execute arbitrary PHP code by exploiting Template Conditionals in the template engine. This is achieved by crafting malicious template code using alternative PHP function invocation syntax, such as 'var_dump'('test'), which bypasses existing security checks. The vulnerability stems from the ability to invoke protected API controller methods due to changes in PHP 8.1's ReflectionMethod behavior, combined with the ability to bypass template engine security checks. Versions 5.x and 6.x up to 6.0.3 are affected, and a fix is believed to be included in vBulletin version 6.0.4 and later.
- Description: Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org: CWE-424
- Hype score: Not currently trending
🚨CVE-2025-48827 and CVE-2025-48828: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 Remote Code Execution Vulnerabilities FOFA Link: https://t.co/qWSiRQJ33D FOFA Query: app="vBulletin" Results: 26,046 https://t.co/nClEDMSzFO Link: https://t.co/LIk5a7ZTxj Query: https:
@DarkWebInformer
4 Jun 2025
7676 Impressions
14 Retweets
77 Likes
28 Bookmarks
2 Replies
0 Quotes
vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd) https://t.co/If70utZffE #SANS #Cybersecurity
@PoseidonTPA
3 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd) #CISO https://t.co/DIinCd1jpC
@compuchris
3 Jun 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
vBulletin Exploits (CVE-2025-48827, CVE-2025-48828) https://t.co/Vo0UulRUpu https://t.co/cQ4lI0nska
@sans_isc
3 Jun 2025
1394 Impressions
4 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities in vBulletin (CVE-2025-48827 and CVE-2025-48828) have been discovered, with active exploitation reported. These flaws allow remote code execution via template engine abuse, affecting versions 5.0.0 to 5.7.5 and 6.0.0 to 6. https://t.co/a6X3w4Dnws
@securityRSS
2 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 vBulletin forums are under attack! Two unauthenticated RCE bugs (CVE-2025-48827 & CVE-2025-48828) threaten any 5.x/6.x install on PHP 8.1+. Don’t wait until compromise—learn how to secure your community here: https://t.co/PMdKkR1oJL 🔒 #infosec https://t.co/YwDHuJ
@BaseFortify
2 Jun 2025
77 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
1 Quote
Two critical vulnerabilities in vBulletin (CVE-2025-48827 and CVE-2025-48828) expose thousands of forums, allowing unauthenticated attackers to gain Remote Code Execution. With a CVSS score of up to 10.0, exploiting these flaws enables attackers to seize full control of affect...
@CybrPulse
2 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[Link roundup: security news and articles for May 31 to June 2] <Vulnerabilities> ・Hackers exploit critical flaws in the forum software vBulletin (CVE-2025-48827, CVE-2025-48828) https://t.co/S17x8oTc5d ・In Ubuntu, RHEL, Fedora, Linu
@MachinaRecord
2 Jun 2025
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities in vBulletin, CVE-2025-48827 and CVE-2025-48828, rated CVSS 10.0 and 9.0, impact versions 5.0.0-5.7.5 and 6.0.0-6.0.3 on PHP 8.1+. Many sites remain vulnerable despite past patches. #Security https://t.co/Siiw4vJqgv
@Strivehawk
1 Jun 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
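A vulnerability in the bulletin board software vBulletin is being exploited. CVE-2025-48827 has a CVSS score of 10 and manifests on PHP 8.1 and later. CVE-2025-48828 has a CVSS score of 9.0 and is arbitrary PHP code execution through abuse of template conditionals. https://t.co/oSBG9LMl6P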
@__kokumoto
1 Jun 2025
1096 Impressions
0 Retweets
10 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-48828 (CVSS:9.0, CRITICAL) is Awaiting Analysis. Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the t..https://t.co/3uj9UqGFyF #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
1 Jun 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are actively exploiting critical vulnerabilities CVE-2025-48827 & CVE-2025-48828 in vBulletin, enabling remote code execution via template abuse. Affected versions should update to 6.1.1 ASAP. 🔓 #vBulletin #CyberAlert #UK https://t.co/3gpYXrQp2v
@TweetThreatNews
30 May 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Every time a critical vulnerability comes out, vBulletin sets off a worldwide leak festival, so I wonder how many installs are already patched this time. CVE-2025-48827 CVE-2025-48828 Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE https:/
@autumn_good_35
30 May 2025
432 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-48828 ⚠️🔴 CRITICAL (9) 🏢 vBulletin - vBulletin 🏗️ 6.0.3 🔗 https://t.co/Ai3ABffOu2 🔗 https://t.co/QKw4SAJymA #CyberCron #VulnAlert #InfoSec https://t.co/wNhnQRXLJV
@cybercronai
27 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-48828: CRITICAL] Beware! Vulnerabilities in certain vBulletin versions allow attackers to run PHP code through the template engine. Stay alert and ensure your cyber security measures are robust.#cve,CVE-2025-48828,#cybersecurity https://t.co/mOzcR7UiGL https://t.co/I2Ia
@CveFindCom
27 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48828 Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in a… https://t.co/UydJA49bEJ
@CVEnew
27 May 2025
530 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes