Vulnerability cyber

vBulletin

Jun 2, 2025 1 min read
vBulletin

A critical, unauthenticated remote code execution (RCE) vulnerability in vBulletin forum software is being actively exploited. The vulnerability, assigned CVE-2025-48827 and CVE-2025-48828, affects versions 5.0.0 through 6.0.3. Despite patches being available for over a year, numerous installations remain vulnerable. The flaw allows attackers to execute arbitrary commands on vulnerable servers without authentication. Organizations running unpatched versions face significant risk as the vulnerability affects a broad range of installations.

Source: https://cybersecuritynews.com/critical-vbulletin-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/vbulletin-solutions-inc.

"id": "vbu743060225",
"linkid": "vbulletin-solutions-inc.",
"type": "Vulnerability",
"date": "6/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Internet', 'type': 'Forum Software'}],
 'attack_vector': 'Unauthenticated access to vulnerable endpoint',
 'date_detected': '2025-05-26',
 'date_publicly_disclosed': '2025-05-23',
 'description': 'A critical, unauthenticated remote code execution '
                'vulnerability in vBulletin forum software is being actively '
                'exploited. The vulnerability, assigned CVE-2025-48827 and '
                'CVE-2025-48828, affects vBulletin versions 5.0.0 through '
                '6.0.3.',
 'impact': {'systems_affected': 'vBulletin installations'},
 'initial_access_broker': {'entry_point': 'ajax/api/ad/replaceAdTemplate',
                           'high_value_targets': 'vBulletin installations',
                           'reconnaissance_period': '2025-05-25 to 2025-05-26'},
 'lessons_learned': 'Timely patch management is crucial for web-facing '
                    'applications.',
 'motivation': 'Compromise web forums',
 'post_incident_analysis': {'corrective_actions': 'Apply available security '
                                                  'updates',
                            'root_causes': 'Unpatched vBulletin installations'},
 'recommendations': 'Organizations should immediately audit their vBulletin '
                    'installations and apply available security updates to '
                    'prevent compromise.',
 'references': [{'date_accessed': '2025-05-23', 'source': 'Karma(In)Security'},
                {'date_accessed': '2025-05-25',
                 'source': 'SANS Internet Storm Center'},
                {'date_accessed': '2025-05-26', 'source': 'Ryan Dewhurst'}],
 'title': 'vBulletin Remote Code Execution Vulnerability Exploitation',
 'type': 'Remote Code Execution',
 'vulnerability_exploited': ['CVE-2025-48827', 'CVE-2025-48828']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.