CVE-2025-8548

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a	Patch
https://github.com/atjiu/pybbs/issues/202	Exploit Issue Tracking
https://github.com/atjiu/pybbs/issues/202#issue-3256293499	Exploit Issue Tracking
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615	Issue Tracking
https://vuldb.com/?ctiid.318677	Permissions Required VDB Entry
https://vuldb.com/?id.318677	Third Party Advisory VDB Entry
https://vuldb.com/?submit.622186	Third Party Advisory VDB Entry
https://github.com/atjiu/pybbs/issues/202	Exploit Issue Tracking
https://github.com/atjiu/pybbs/issues/202#issue-3256293499	Exploit Issue Tracking
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*

History

03 Sep 2025, 13:28

Type	Values Removed	Values Added
References	~~() https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a -~~	() https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a - Patch
References	~~() https://github.com/atjiu/pybbs/issues/202 -~~	() https://github.com/atjiu/pybbs/issues/202 - Exploit, Issue Tracking
References	~~() https://github.com/atjiu/pybbs/issues/202#issue-3256293499 -~~	() https://github.com/atjiu/pybbs/issues/202#issue-3256293499 - Exploit, Issue Tracking
References	~~() https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 -~~	() https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 - Issue Tracking
References	~~() https://vuldb.com/?ctiid.318677 -~~	() https://vuldb.com/?ctiid.318677 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.318677 -~~	() https://vuldb.com/?id.318677 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.622186 -~~	() https://vuldb.com/?submit.622186 - Third Party Advisory, VDB Entry
First Time		Pybbs Project pybbs Pybbs Project
CPE		cpe:2.3:a:pybbs_project:pybbs::::::::

05 Aug 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/atjiu/pybbs/issues/202 -~~	() https://github.com/atjiu/pybbs/issues/202 -
References	~~() https://github.com/atjiu/pybbs/issues/202#issue-3256293499 -~~	() https://github.com/atjiu/pybbs/issues/202#issue-3256293499 -
References	~~() https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 -~~	() https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 -
Summary		(es) Se encontró una vulnerabilidad en atjiu pybbs hasta la versión 6.0.0, clasificada como problemática. Este problema afecta a la función sendEmailCode del archivo src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java del componente Registered Email Handler. La manipulación del argumento "email" provoca la exposición de información mediante un mensaje de error. El ataque puede iniciarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. El identificador del parche es 234197c4f8fc7ce24bdcff5430cd42492f28936a. Se recomienda aplicar un parche para solucionar este problema.

05 Aug 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 07:15

Updated : 2025-09-03 13:28

NVD link : CVE-2025-8548

Mitre link : CVE-2025-8548

CVE.ORG link : CVE-2025-8548

JSON object : View

Products Affected

pybbs_project

pybbs

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-209

Generation of Error Message Containing Sensitive Information

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-8548

3.7^/10

2.6^/10

Attach tags to `CVE-2025-8548`