Description

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions lets an administrator user disable the admin user console by triggering a fatal PHP error.

PUBLISHED Reserved 2025-06-18 | Published 2025-11-20 | Updated 2025-11-20 | Assigner hackerone




LOW: 2.7 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Product status

6.0.1 (semver): affected

5.5.2 (semver): affected

6.0.2 (semver): unaffected

5.5.3 (semver): unaffected

References

hackerone.com/reports/3399218 exploit

cve.org (CVE-2025-52666)

nvd.nist.gov (CVE-2025-52666)
