vBulletin Vulnerability Exploited in the Wild

vBulletin Vulnerability Exploited in the Wild

Posted on By CWS

A crucial vulnerability affecting the vBulletin discussion board software program is being exploited within the wild, with assaults beginning shortly after disclosure.

Researcher Egidio Romano printed a weblog publish on Could 23 to explain a vBulletin vulnerability that may be exploited for unauthenticated distant code execution. Romano made public technical particulars, in addition to proof-of-concept (PoC) code.

The researcher confirmed that exploitation is feasible in opposition to boards powered by vBulletin variations 5.1.0, 5.7.5, 6.0.1 and 6.0.3, noting that the vulnerability was apparently patched again in April 2024, with none CVE identifier being assigned. 

A number of days after Romano’s weblog publish was printed, KEVIntel reported seeing exploitation makes an attempt in opposition to its honeypots beginning on Could 26. The assault makes an attempt, which concerned requests designed to execute the ‘cmd’ command, have been based mostly on Romano’s PoC exploit.

Honeypots maintained by SANS have additionally seen dozens of exploitation makes an attempt since Could 25. 

It’s unclear what precisely the attackers have executed after exploiting the vulnerability.

The CVE identifiers CVE-2025-48827 and CVE-2025-48828 have now been assigned to the safety gap, one CVE for a protected methodology invocation problem and one for distant code execution by the template engine.  

In-the-wild exploitation of vBulletin vulnerabilities doesn’t look like widespread today. There was no information of assaults focusing on flaws in vBulletin since 2020. A associated vBulletin vulnerability was exploited previous to that in 2019. Commercial. Scroll to proceed studying.

These are the one two vBulletin vulnerabilities at the moment included in CISA’s Identified Exploited Vulnerabilities (KEV) catalog. CVE-2025-48827 and CVE-2025-48828 have but to be added.

Associated: Cityworks Zero-Day Exploited by Chinese language Hackers in US Native Authorities Assaults

Associated: Fortinet Patches Zero-Day Exploited Towards FortiVoice Home equipment

Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Prospects

Security Week News Tags:, , ,

Related Posts

‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT Security Week News
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities Security Week News
Gambling Tech Firm Bragg Discloses Cyberattack Gambling Tech Firm Bragg Discloses Cyberattack Security Week News
700,000 Records Compromised in Askul Ransomware Attack 700,000 Records Compromised in Askul Ransomware Attack Security Week News
Chrome 138 Update Patches Zero-Day Vulnerability Chrome 138 Update Patches Zero-Day Vulnerability Security Week News
CISA Alerts on Exploited Vulnerability in TeamT5 Product CISA Alerts on Exploited Vulnerability in TeamT5 Product Security Week News