vBulletin Vulnerability Exploited in the Wild

vBulletin Vulnerability Exploited in the Wild

Posted on By CWS

A crucial vulnerability affecting the vBulletin discussion board software program is being exploited within the wild, with assaults beginning shortly after disclosure.

Researcher Egidio Romano printed a weblog publish on Could 23 to explain a vBulletin vulnerability that may be exploited for unauthenticated distant code execution. Romano made public technical particulars, in addition to proof-of-concept (PoC) code.

The researcher confirmed that exploitation is feasible in opposition to boards powered by vBulletin variations 5.1.0, 5.7.5, 6.0.1 and 6.0.3, noting that the vulnerability was apparently patched again in April 2024, with none CVE identifier being assigned. 

A number of days after Romano’s weblog publish was printed, KEVIntel reported seeing exploitation makes an attempt in opposition to its honeypots beginning on Could 26. The assault makes an attempt, which concerned requests designed to execute the ‘cmd’ command, have been based mostly on Romano’s PoC exploit.

Honeypots maintained by SANS have additionally seen dozens of exploitation makes an attempt since Could 25. 

It’s unclear what precisely the attackers have executed after exploiting the vulnerability.

The CVE identifiers CVE-2025-48827 and CVE-2025-48828 have now been assigned to the safety gap, one CVE for a protected methodology invocation problem and one for distant code execution by the template engine.  

In-the-wild exploitation of vBulletin vulnerabilities doesn’t look like widespread today. There was no information of assaults focusing on flaws in vBulletin since 2020. A associated vBulletin vulnerability was exploited previous to that in 2019. Commercial. Scroll to proceed studying.

These are the one two vBulletin vulnerabilities at the moment included in CISA’s Identified Exploited Vulnerabilities (KEV) catalog. CVE-2025-48827 and CVE-2025-48828 have but to be added.

Associated: Cityworks Zero-Day Exploited by Chinese language Hackers in US Native Authorities Assaults

Associated: Fortinet Patches Zero-Day Exploited Towards FortiVoice Home equipment

Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Prospects

Security Week News Tags:, , ,

Related Posts

Zoomcar Says Hackers Accessed Data of 8.4 Million Users Zoomcar Says Hackers Accessed Data of 8.4 Million Users Security Week News
Microsoft Patches 57 Vulnerabilities, Three Zero-Days Microsoft Patches 57 Vulnerabilities, Three Zero-Days Security Week News
eScan Antivirus Delivers Malware in Supply Chain Attack eScan Antivirus Delivers Malware in Supply Chain Attack Security Week News
SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation Security Week News
42,000 Impacted by Ingram Micro Ransomware Attack 42,000 Impacted by Ingram Micro Ransomware Attack Security Week News
AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure Security Week News