Revive Adserver has fixed a vulnerability in which certain username inputs were not completely disallowed, which could enable impersonation attacks. Users are advised to update to version 6.0.4 or later to mitigate this medium-risk security issue.
Key points
- The vulnerability affects Revive Adserver versions up to 6.0.3.
- It stems from the handling of UTF-8 usernames, which allows impersonation through homoglyphs and zero-width spaces.
- Attackers with user creation permissions can craft visually similar usernames to impersonate others.
- Updating to version 6.0.4 or newer is recommended to fix the issue.
- The vulnerability has been officially documented with CVE-2025-55129 and a CVSS score of 5.4.
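
The homoglyph and zero-width space techniques named above can be audited for in an exported list of usernames. The following is an added example, not Revive Adserver's code and not the 6.0.4 fix; the function names, the look-alike table and the sample usernames are assumptions constructed for illustration.

```python
import unicodedata
from collections import defaultdict

# Small constructed subset of look-alike letters (assumption for this example);
# a production check would use the full Unicode confusables data (UTS #39).
CONFUSABLES = str.maketrans({
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
})

def is_invisible(ch):
    # Category Cf includes zero-width space, zero-width joiners, BOM, word joiner.
    return unicodedata.category(ch) == "Cf"

def skeleton(name):
    """Reduce a username to roughly what a human reader perceives."""
    name = unicodedata.normalize("NFKC", name)
    name = "".join(ch for ch in name if not is_invisible(ch))
    return name.casefold().translate(CONFUSABLES)

def scripts(name):
    """Scripts of the letters in name, read from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in name if c.isalpha()}

def findings(name):
    out = []
    if any(is_invisible(ch) for ch in name):
        out.append("invisible-character")
    if len(scripts(name)) > 1:
        out.append("mixed-script")
    return out

def audit(usernames):
    """Return (per-name findings, groups of distinct names that look alike)."""
    groups = defaultdict(list)
    for name in usernames:
        groups[skeleton(name)].append(name)
    lookalikes = {k: v for k, v in groups.items() if len(set(v)) > 1}
    flagged = {n: f for n in usernames if (f := findings(n))}
    return flagged, lookalikes

# Constructed sample usernames, not taken from any real installation.
SAMPLE = ["admin", "\u0430dmin", "ad\u200bmin", "alice", "Bob"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A username written entirely in look-alike letters of one script is not flagged as mixed-script, so the skeleton collision groups are the more reliable signal of the two.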