Two critical vulnerabilities in vBulletin forum software, CVE-2025-48827 and CVE-2025-48828, have been actively exploited in the wild. They allow remote code execution via template engine abuse. Users running affected versions on PHP 8.1 or later are urged to update to version 6.1.1 to mitigate the risk. #vBulletin #RemoteCodeExecution
Key points
- The vulnerabilities impact vBulletin versions 5.0.0 to 5.7.5 and 6.0.0 to 6.0.3.
- They are caused by misuse of PHP’s Reflection API, leading to unauthenticated code execution.
- Active exploitation was observed with attackers attempting to deploy PHP backdoors.
- The flaws involve an API method invocation and remote code execution (RCE) via template engine abuse.
- Site administrators are advised to apply security patches or upgrade to version 6.1.1 for protection.