Remote Code Execution in vBulletin by Unauthenticated Users
CVE-2025-48827
What is CVE-2025-48827?
CVE-2025-48827 is a critical vulnerability affecting the vBulletin platform, specifically versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, when used with PHP 8.1 or later. vBulletin is widely utilized for online forums and community platforms. This vulnerability enables unauthenticated users to access and invoke methods from protected API controllers, posing a significant security risk. The ability to execute restricted functions can lead to unauthorized actions within a vBulletin installation, potentially allowing attackers to compromise the integrity and confidentiality of the system. With such access, bad actors could manipulate data, extract sensitive information, or perform actions that disrupt the proper functioning of the platform.
Potential impact of CVE-2025-48827
- Remote Code Execution: By exploiting this vulnerability, attackers can execute arbitrary code on the server, enabling complete control over the affected systems. This can lead to further exploitation or the installation of malicious software.
- Data Breach Risks: Unauthorized access to protected APIs may allow attackers to retrieve confidential user data, including personal details and credentials, thus posing a severe risk to user privacy and organizational data security.
- System Integrity Threats: The vulnerability can disrupt normal operations of the vBulletin platform, leading to service outages or tampering with forum content, which can damage the reputation of the organization and erode user trust.
Affected Version(s)
vBulletin 5.0.0 <= 5.7.5
vBulletin 6.0.0 <= 6.0.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Two flaws in vBulletin forum software are under attack
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks.
Hackers are exploiting critical flaw in vBulletin forum software
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild.

CVE-2025-48827 Impact, Exploitability, and Mitigation Steps | Wiz
Understand the critical aspects of CVE-2025-48827 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.
EPSS Score
60% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by wiz.io
- Vulnerability published
- Vulnerability Reserved