- Security researchers find two flaws in vBulletin
- Both are critical in severity and can be chained for RCE
- One of the flaws is actively exploited
A critical security vulnerability in the popular forum software vBulletin is being abused in the wild, experts have claimed.
Cybersecurity researcher Ryan Dewhurst, who claims to have seen exploitation attempts in the wild, says that the vulnerability can in theory be used to give attackers remote code execution (RCE).
Dewhurst says the bug, tracked as CVE-2025-48827, is described as an API method invocation flaw with a severity score of 10/10 (critical). It affects vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 and later.
Dewhurst said that on 26 May he saw exploitation attempts in his honeypot for the first time. The attacks originated in Poland, he added, and he emphasized that proof-of-concept (PoC) exploits had already been available for a few days by that point.
It is also worth noting that the bug was first discovered by security researcher Egidio Romano (Egix), who also found a template conditionals vulnerability in the template engine, tracked as CVE-2025-48828.
That flaw has a severity score of 9.0/10 (critical) and likewise grants attackers remote code execution (RCE). The two can reportedly be chained together, but so far the researchers have not seen the chain in the wild.
According to BleepingComputer, the bug was probably patched quietly when Patch Level 1 (for all 6.x versions) and Patch Level 3 (for version 5.7.5) were released. The publication notes that many sites remain at risk, because not all administrators are diligent about patching; installations that have not reached at least those patch levels should be treated as exposed.
vBulletin, BleepingComputer further stresses, is one of the most widely used commercial PHP/MySQL-based forum platforms, powering thousands of online communities worldwide.
Its popularity is due, among other things, to its modular design, which makes it both flexible and complex. That complexity also leaves it somewhat more exposed to threats.