Improper Neutralization of Whitespace in Usernames in a Popular Product by a Leading Vendor
CVE-2025-55127

5.4MEDIUM

Key Information:

Vendor: Revive
Status: Revive Adserver
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-55127?

A vulnerability has been identified in WordPress that arises from improper neutralization of whitespace within usernames during user addition. This flaw allows usernames with leading or trailing spaces to appear indistinguishable from legitimate usernames in user interfaces. This visual confusion could mislead users into authentication or administrative errors, highlighting the importance of secure user management practices.

Affected Version(s)

Revive Adserver 6 <= 6.0.2

Revive Adserver 6.0.3

References

https://hackerone.com/reports/3413764

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Aug 7, 2025

JSON