QwikSec

Security Database

CVE

CWE

Training

CVE-2025-8547

Published: Aug 5, 2025

Modified: Aug 5, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
atjiu	pybbs	affected `6.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

VDB-318676 | atjiu pybbs Email Verification improper authorization

vdb-entry

VDB-318676 | CTI Indicators (IOB, IOC, TTP)

signature

permissions-required

Submit #622180 | atjiu https://github.com/atjiu/pybbs <=6.0.0 Registration email is not verified

third-party-advisory

https://github.com/atjiu/pybbs/issues/200

issue-tracking

https://github.com/atjiu/pybbs/issues/200#issuecomment-3134710486

issue-tracking

https://github.com/atjiu/pybbs/issues/200#issue-3256283647

exploit

issue-tracking

https://github.com/atjiu/pybbs/commit/044f22893bee254dc2bb0d30f614913fab3c22c2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.