vBulletin Vulnerability Exploited in the Wild

vBulletin Vulnerability Exploited in the Wild

Posted on By CWS

A crucial vulnerability affecting the vBulletin discussion board software program is being exploited within the wild, with assaults beginning shortly after disclosure.

Researcher Egidio Romano printed a weblog publish on Could 23 to explain a vBulletin vulnerability that may be exploited for unauthenticated distant code execution. Romano made public technical particulars, in addition to proof-of-concept (PoC) code.

The researcher confirmed that exploitation is feasible in opposition to boards powered by vBulletin variations 5.1.0, 5.7.5, 6.0.1 and 6.0.3, noting that the vulnerability was apparently patched again in April 2024, with none CVE identifier being assigned. 

A number of days after Romano’s weblog publish was printed, KEVIntel reported seeing exploitation makes an attempt in opposition to its honeypots beginning on Could 26. The assault makes an attempt, which concerned requests designed to execute the ‘cmd’ command, have been based mostly on Romano’s PoC exploit.

Honeypots maintained by SANS have additionally seen dozens of exploitation makes an attempt since Could 25. 

It’s unclear what precisely the attackers have executed after exploiting the vulnerability.

The CVE identifiers CVE-2025-48827 and CVE-2025-48828 have now been assigned to the safety gap, one CVE for a protected methodology invocation problem and one for distant code execution by the template engine.  

In-the-wild exploitation of vBulletin vulnerabilities doesn’t look like widespread today. There was no information of assaults focusing on flaws in vBulletin since 2020. A associated vBulletin vulnerability was exploited previous to that in 2019. Commercial. Scroll to proceed studying.

These are the one two vBulletin vulnerabilities at the moment included in CISA’s Identified Exploited Vulnerabilities (KEV) catalog. CVE-2025-48827 and CVE-2025-48828 have but to be added.

Associated: Cityworks Zero-Day Exploited by Chinese language Hackers in US Native Authorities Assaults

Associated: Fortinet Patches Zero-Day Exploited Towards FortiVoice Home equipment

Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Prospects

Security Week News Tags:, , ,

Related Posts

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks Security Week News
ICS Cybersecurity Conference Celebrates 25th Anniversary in Nashville ICS Cybersecurity Conference Celebrates 25th Anniversary in Nashville Security Week News
Daemon Tools Supply Chain Attack Targets Global Institutions Daemon Tools Supply Chain Attack Targets Global Institutions Security Week News
LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’ LLMs Hijacked, Monetized in ‘Operation Bizarre Bazaar’ Security Week News
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit Security Week News
Global Agencies Dismantle SocksEscort Proxy Network Global Agencies Dismantle SocksEscort Proxy Network Security Week News