A critical vulnerability in vBulletin forum software is being actively exploited in the wild shortly after its disclosure. Attackers are attempting remote code execution against various vBulletin versions, and honeypots have detected signs of exploitation. #vBulletin #remoteCodeExecution
Key points
- A significant vBulletin vulnerability allows unauthenticated remote code execution.
- The vulnerability affects vBulletin versions 5.1.0, 5.7.5, 6.0.1, and 6.0.3.
- The flaw was reportedly patched in April 2024 but was exploited shortly after.
- Exploitation attempts using proof-of-concept code have been observed since May 25.
- The CVE identifiers CVE-2025-48827 and CVE-2025-48828 have been assigned to this vulnerability.
Read More: https://www.securityweek.com/vbulletin-vulnerability-exploited-in-the-wild/