Security Advisory

CVE-2025-48828

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-27 00:00:00

Last updated 2025-05-27 18:04:16

Assigner mitre

State PUBLISHED

Description

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

← Browse all CVEs View on cve.org ↗