A crucial vulnerability affecting the vBulletin discussion board software program is being exploited within the wild, with assaults beginning shortly after disclosure.
Researcher Egidio Romano printed a weblog publish on Could 23 to explain a vBulletin vulnerability that may be exploited for unauthenticated distant code execution. Romano made public technical particulars, in addition to proof-of-concept (PoC) code.
The researcher confirmed that exploitation is feasible in opposition to boards powered by vBulletin variations 5.1.0, 5.7.5, 6.0.1 and 6.0.3, noting that the vulnerability was apparently patched again in April 2024, with none CVE identifier being assigned.
A number of days after Romano’s weblog publish was printed, KEVIntel reported seeing exploitation makes an attempt in opposition to its honeypots beginning on Could 26. The assault makes an attempt, which concerned requests designed to execute the ‘cmd’ command, have been based mostly on Romano’s PoC exploit.
Honeypots maintained by SANS have additionally seen dozens of exploitation makes an attempt since Could 25.
It’s unclear what precisely the attackers have executed after exploiting the vulnerability.
The CVE identifiers CVE-2025-48827 and CVE-2025-48828 have now been assigned to the safety gap, one CVE for a protected methodology invocation problem and one for distant code execution by the template engine.
In-the-wild exploitation of vBulletin vulnerabilities doesn’t look like widespread today. There was no information of assaults focusing on flaws in vBulletin since 2020. A associated vBulletin vulnerability was exploited previous to that in 2019. Commercial. Scroll to proceed studying.
These are the one two vBulletin vulnerabilities at the moment included in CISA’s Identified Exploited Vulnerabilities (KEV) catalog. CVE-2025-48827 and CVE-2025-48828 have but to be added.
Associated: Cityworks Zero-Day Exploited by Chinese language Hackers in US Native Authorities Assaults
Associated: Fortinet Patches Zero-Day Exploited Towards FortiVoice Home equipment
Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Prospects
