Russian Vulnerability Scanner Database

Back to List

CVE-2025-48828

Scores

EPSS

0.737medium73.7%
0%20%40%60%80%100%

Percentile: 73.7%

CVSS

8.1high3.x
0246810

CVSS Score: 8.1/10

All CVSS Scores

CVSS 3.x
8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the “var_dump”(“test”) syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

anchore_overridesnvd

CWEs

CWE-424

Related Vulnerabilities

BDU:2025-06791

Exploits

Exploit ID: CVE-2025-48828

Source: github-poc

URL: https://github.com/ill-deed/vBulletin-CVE-2025-48828-Multi-target

Reference Links

https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
https://kevintel.com/CVE-2025-48828
https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/

Vulnerable Software (2)

Type: Configuration

Operating System:

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:vbulletin:vbulletin:6.0.3:*:*:*:*:*:*:*"        }      ],      "negate": false,      "operator": "OR"    }...

Source: anchore_overrides

Type: Configuration

Vendor: *

Product: vbulletin

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:vbulletin:vbulletin:6.0.3:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list