Email Validation Vulnerability in Mantis Bug Tracker by MantisBT
CVE-2025-55155

5.4 MEDIUM

Key Information:

Vendor

Mantisbt

Status
Vendor
CVE Published: 4 November 2025

What is CVE-2025-55155?

In certain versions of the Mantis Bug Tracker, users can edit their email addresses without sufficient validation checks. This flaw allows them to enter an invalid email address, which can prevent them from receiving important system notifications. More seriously, if notifications are sent to an email address the user does not control, sensitive information could be exposed. This vulnerability has been addressed in version 2.27.2 of the software.

Affected Version(s)

mantisbt < 2.27.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
