CVE-2025-8546

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/atjiu/pybbs/commit/ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf
https://github.com/atjiu/pybbs/issues/199
https://github.com/atjiu/pybbs/issues/199#issue-3256276118
https://github.com/atjiu/pybbs/issues/199#issuecomment-3134573731
https://vuldb.com/?ctiid.318675
https://vuldb.com/?id.318675
https://vuldb.com/?submit.622179

Configurations

No configuration.

History

05 Aug 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 05:15

Updated : 2025-08-05 05:15

NVD link : CVE-2025-8546

Mitre link : CVE-2025-8546

JSON object : View

Products Affected

No product.

CWE

CWE-804

Guessable CAPTCHA

CWE-287

Improper Authentication

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/atjiu/pybbs/commit/ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf", "name": "https://github.com/atjiu/pybbs/commit/ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf", "tags": [], "refsource": ""}, {"url": "https://github.com/atjiu/pybbs/issues/199", "name": "https://github.com/atjiu/pybbs/issues/199", "tags": [], "refsource": ""}, {"url": "https://github.com/atjiu/pybbs/issues/199#issue-3256276118", "name": "https://github.com/atjiu/pybbs/issues/199#issue-3256276118", "tags": [], "refsource": ""}, {"url": "https://github.com/atjiu/pybbs/issues/199#issuecomment-3134573731", "name": "https://github.com/atjiu/pybbs/issues/199#issuecomment-3134573731", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.318675", "name": "VDB-318675 | CTI Indicators (IOB, IOC, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.318675", "name": "VDB-318675 | atjiu pybbs Verification Code login Captcha", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.622179", "name": "Submit #622179 | atjiu https://github.com/atjiu/pybbs <=6.0.0 CAPTCHA reuse Vulnerability", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-804"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-8546", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2025-08-05T05:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-05T05:15Z"}