vBulletin (by Internet Brands)

The open-source forum software vBulletin was exposed to two critical vulnerabilities (CVE-2025-48827 and CVE-2025-48828), enabling remote, unauthenticated code execution (RCE) due to improper PHP Reflection API usage. Exploitation attempts were reported on May 26, leveraging an earlier proof-of-concept by researcher Egidio Romano. The flaws affect versions 5.0.0–5.7.5 and 6.0.0–6.0.3 running on PHP 8.1+, risking full system compromise if unpatched. While no confirmed breaches were detailed in the article, the vulnerabilities pose a severe threat to forums using outdated vBulletin installations, potentially allowing attackers to execute arbitrary commands, steal sensitive user data (e.g., credentials, private messages), or deploy malware—including ransomware—across compromised systems. Historical breaches tied to vBulletin flaws (e.g., 2019’s mass exploits) underscore the risk of large-scale data leaks, reputational damage, and operational disruptions for unpatched deployments. Users were urged to apply 2024 patches or upgrade to v6.1.1 to mitigate exposure.

Source: https://www.scworld.com/brief/attacks-exploiting-maximum-severity-vbulletin-vulnerability-ongoing

TPRM report: https://www.rankiteo.com/company/vbulletin-solutions-inc.

"id": "vbu2681826113025",
"linkid": "vbulletin-solutions-inc.",
"type": "Vulnerability",
"date": "6/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 'Users of vBulletin 5.0.0–5.7.5 '
                                              'and 6.0.0–6.0.3 (on PHP 8.1+)',
                        'industry': 'Technology (Forum Software)',
                        'name': 'vBulletin (by Internet Brands)',
                        'type': 'Software Vendor'}],
 'attack_vector': ['Improper PHP Reflection API Usage',
                   'Unauthenticated API Method Invocation'],
 'customer_advisories': ['Patch Advisory for vBulletin Users'],
 'date_detected': '2025-05-26',
 'date_publicly_disclosed': '2025-05-26',
 'description': 'BleepingComputer reports that popular open-source commercial '
                'PHP/MySQL-based forum software vBulletin has been impacted by '
                'a pair of critical flaws, including the maximum severity API '
                'method invocation issue (CVE-2025-48827). The vulnerability '
                "arose from vBulletin's improper PHP Reflection API usage, "
                'facilitating completely remote unauthenticated code '
                'execution. Attempted exploitation was initially reported on '
                'May 26, 2025, by security researcher Ryan Dewhurst, involving '
                'an earlier exploit released by Egidio Romano, who discovered '
                'both CVE-2025-48827 and the critical RCE issue '
                'CVE-2025-48828. Users of vBulletin versions 5.0.0–5.7.5 and '
                '6.0.0–6.0.3 running on PHP 8.1 or later are urged to apply '
                'patches or upgrade to version 6.1.1.',
 'impact': {'brand_reputation_impact': ['Potential Reputation Damage Due to '
                                        'Exploitable Flaws'],
            'operational_impact': ['Potential Unauthorized Code Execution',
                                   'Risk of Forum Compromise'],
            'systems_affected': ['vBulletin Forums (Versions 5.0.0–5.7.5, '
                                 '6.0.0–6.0.3 on PHP 8.1+)']},
 'initial_access_broker': {'entry_point': ['Unauthenticated API Endpoint '
                                           '(CVE-2025-48827)',
                                           'PHP Reflection API Misuse'],
                           'high_value_targets': ['vBulletin Forum Databases',
                                                  'Admin Privileges']},
 'investigation_status': 'Ongoing (Exploitation Attempts Reported)',
 'post_incident_analysis': {'corrective_actions': ['Released Patches for '
                                                   'CVE-2025-48827 & '
                                                   'CVE-2025-48828',
                                                   'Version 6.1.1 with Fixes'],
                            'root_causes': ['Improper PHP Reflection API '
                                            'Implementation',
                                            'Lack of Input Validation in API '
                                            'Methods']},
 'recommendations': ['Immediately patch vBulletin installations (versions '
                     '5.0.0–5.7.5, 6.0.0–6.0.3) or upgrade to 6.1.1.',
                     'Monitor for exploitation attempts targeting '
                     'CVE-2025-48827 and CVE-2025-48828.',
                     'Review PHP Reflection API usage in custom applications '
                     'to prevent similar vulnerabilities.'],
 'references': [{'source': 'BleepingComputer'},
                {'date_accessed': '2025-05-26',
                 'source': 'Security Researcher Ryan Dewhurst'},
                {'source': 'Egidio Romano (Original Bug Discoverer)'}],
 'response': {'communication_strategy': ['Public Advisory via BleepingComputer',
                                         'Vendor Notification'],
              'containment_measures': ['Urgent Patching',
                                       'Upgrade to vBulletin 6.1.1'],
              'remediation_measures': ['Apply Security Patches for '
                                       'CVE-2025-48827 & CVE-2025-48828']},
 'title': 'Critical vBulletin Flaws (CVE-2025-48827 & CVE-2025-48828) Enable '
          'Remote Code Execution',
 'type': ['Vulnerability Exploitation', 'Remote Code Execution (RCE)'],
 'vulnerability_exploited': ['CVE-2025-48827', 'CVE-2025-48828']}

vBulletin (by Internet Brands)

Oracle: Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server

TP-Link: TP-Link’s Vulnerability: Critical Patch for VIGI Cameras

Google: Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites