Security Advisory

CVE-2025-48827

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-27 00:00:00

Last updated 2025-05-27 18:03:31

Assigner mitre

State PUBLISHED

Description

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.

← Browse all CVEs View on cve.org ↗