Debug Information Disclosure in Revive Adserver by Revive Adserver Inc.
CVE-2025-52671

4.3MEDIUM

Key Information:

Vendor: Revive
Status: Revive Adserver
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-52671?

A vulnerability in Revive Adserver allows non-admin users to access sensitive debug information through SQL error messages. This disclosure can reveal critical details about the software, PHP, and database versions in use, potentially aiding attackers in further exploits. Affected users should consider applying urgent security measures to mitigate risks associated with this flaw.

Affected Version(s)

Revive Adserver 6 <= 6.0.1

Revive Adserver 5 <= 5.5.2

Revive Adserver 6.0.2

References

https://hackerone.com/reports/3403450

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Jun 18, 2025

JSON