CVE-2025-48828 | THREATINT

Description

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

PUBLISHED Reserved 2025-05-27 | Published 2025-05-27 | Updated 2025-05-27 | Assigner mitre

CRITICAL: 9.0CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-424 Improper Protection of Alternate Path

Product status

Default status

unknown

6.0.3 (custom)

affected

References

blog.kevintel.com/vbulletin-replaceadtemplate-kev/ exploit

karmainsecurity.com/...l-that-protected-method-vbulletin-rce

kevintel.com/CVE-2025-48828

cve.org (CVE-2025-48828)

nvd.nist.gov (CVE-2025-48828)

Download JSON