CVE-2025-8548 — LOW (3.7) — White Hats Nepal

Q: How severe is CVE-2025-8548?

CVE-2025-8548 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-8548?

Check the references section above for vendor advisories and patch information. Affected products include: Pybbs Project Pybbs.

Vulnerability Description

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pybbs Project	Pybbs	<= 6.0.0

Related Weaknesses (CWE)

CWE-209 CWE-200

References

https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936aPatch
https://github.com/atjiu/pybbs/issues/202ExploitIssue Tracking
https://github.com/atjiu/pybbs/issues/202#issue-3256293499ExploitIssue Tracking
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615Issue Tracking
https://vuldb.com/?ctiid.318677Permissions RequiredVDB Entry
https://vuldb.com/?id.318677Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.622186Third Party AdvisoryVDB Entry
https://github.com/atjiu/pybbs/issues/202ExploitIssue Tracking
https://github.com/atjiu/pybbs/issues/202#issue-3256293499ExploitIssue Tracking
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615Issue Tracking

FAQ

What is CVE-2025-8548?

CVE-2025-8548 is a vulnerability with a CVSS score of 3.7 (LOW). A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiCont...

How severe is CVE-2025-8548?

CVE-2025-8548 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-8548?

Check the references section above for vendor advisories and patch information. Affected products include: Pybbs Project Pybbs.