Comment Deletion Flaw in NamelessMC Web Software
CVE-2025-30357

6.8MEDIUM

Key Information:

Vendor: NamelessMC
Status: NamelessMC
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-30357?

NamelessMC, a popular website software for Minecraft servers, suffers from a flaw where deleting a malicious user's account results in the unintended deletion of all their spam comments and related discussion topics. This can severely disrupt community interactions as unrelated users' content may also face removal. The issue has been rectified in version 2.2.0, emphasizing the importance of updating to maintain user-generated content integrity and overall site functionality.

References

https://github.com/NamelessMC/Nameless/commit/7040924e27f...

https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0

https://github.com/NamelessMC/Nameless/security/advisorie...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025

CVE-2025-30357 Data

JSON