vBulletin Vulnerability Exploited in the Wild

vBulletin Vulnerability Exploited in the Wild

Posted on By CWS

A crucial vulnerability affecting the vBulletin discussion board software program is being exploited within the wild, with assaults beginning shortly after disclosure.

Researcher Egidio Romano printed a weblog publish on Could 23 to explain a vBulletin vulnerability that may be exploited for unauthenticated distant code execution. Romano made public technical particulars, in addition to proof-of-concept (PoC) code.

The researcher confirmed that exploitation is feasible in opposition to boards powered by vBulletin variations 5.1.0, 5.7.5, 6.0.1 and 6.0.3, noting that the vulnerability was apparently patched again in April 2024, with none CVE identifier being assigned. 

A number of days after Romano’s weblog publish was printed, KEVIntel reported seeing exploitation makes an attempt in opposition to its honeypots beginning on Could 26. The assault makes an attempt, which concerned requests designed to execute the ‘cmd’ command, have been based mostly on Romano’s PoC exploit.

Honeypots maintained by SANS have additionally seen dozens of exploitation makes an attempt since Could 25. 

It’s unclear what precisely the attackers have executed after exploiting the vulnerability.

The CVE identifiers CVE-2025-48827 and CVE-2025-48828 have now been assigned to the safety gap, one CVE for a protected methodology invocation problem and one for distant code execution by the template engine.  

In-the-wild exploitation of vBulletin vulnerabilities doesn’t look like widespread today. There was no information of assaults focusing on flaws in vBulletin since 2020. A associated vBulletin vulnerability was exploited previous to that in 2019. Commercial. Scroll to proceed studying.

These are the one two vBulletin vulnerabilities at the moment included in CISA’s Identified Exploited Vulnerabilities (KEV) catalog. CVE-2025-48827 and CVE-2025-48828 have but to be added.

Associated: Cityworks Zero-Day Exploited by Chinese language Hackers in US Native Authorities Assaults

Associated: Fortinet Patches Zero-Day Exploited Towards FortiVoice Home equipment

Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Prospects

Security Week News Tags:, , ,

Related Posts

SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available Security Week News
ThreatSpike Raises Million in Series A Funding ThreatSpike Raises $14 Million in Series A Funding Security Week News
Upwind Raises 0 Million at .5 Billion Valuation Upwind Raises $250 Million at $1.5 Billion Valuation Security Week News
Unbound Raises Million to Secure Gen-AI Adoption Unbound Raises $4 Million to Secure Gen-AI Adoption Security Week News
Farmers Insurance Data Breach Impacts Over 1 Million People Farmers Insurance Data Breach Impacts Over 1 Million People Security Week News
Iranian Hackers Target Defense and Government Officials in Ongoing Campaign Iranian Hackers Target Defense and Government Officials in Ongoing Campaign Security Week News