CVE-2025-8548

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a
https://github.com/atjiu/pybbs/issues/202
https://github.com/atjiu/pybbs/issues/202#issue-3256293499
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615
https://vuldb.com/?ctiid.318677
https://vuldb.com/?id.318677
https://vuldb.com/?submit.622186
https://github.com/atjiu/pybbs/issues/202
https://github.com/atjiu/pybbs/issues/202#issue-3256293499
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615

Configurations

No configuration.

History

05 Aug 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/atjiu/pybbs/issues/202 -~~	() https://github.com/atjiu/pybbs/issues/202 -
References	~~() https://github.com/atjiu/pybbs/issues/202#issue-3256293499 -~~	() https://github.com/atjiu/pybbs/issues/202#issue-3256293499 -
References	~~() https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 -~~	() https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 -
Summary		(es) Se encontró una vulnerabilidad en atjiu pybbs hasta la versión 6.0.0, clasificada como problemática. Este problema afecta a la función sendEmailCode del archivo src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java del componente Registered Email Handler. La manipulación del argumento "email" provoca la exposición de información mediante un mensaje de error. El ataque puede iniciarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. El identificador del parche es 234197c4f8fc7ce24bdcff5430cd42492f28936a. Se recomienda aplicar un parche para solucionar este problema.

05 Aug 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 07:15

Updated : 2025-08-05 14:34

NVD link : CVE-2025-8548

Mitre link : CVE-2025-8548

CVE.ORG link : CVE-2025-8548

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-209

Generation of Error Message Containing Sensitive Information

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-8548

3.7^/10

2.6^/10

Attach tags to `CVE-2025-8548`