CVE-2025-48986

High CVSS: 8.8

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.

Vendor

Revive-adserver

Product

Revive Adserver

CWE

CWE-284

Yayın Tarihi

2025-11-20 20:16:22

Güncelleme

2025-11-25 18:57:29

Source Identifier

support@hackerone.com

KEV Date Added

Kategoriler

CWE-284 Revive Adserver HIGH Revive-adserver 2025

Referanslar

https://hackerone.com/reports/3398283 https://hackerone.com/reports/3398283

Benzer Kayıtlar

Medium

CVE-2023-53931

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allow…

Medium

CVE-2025-52669

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes no…

Medium

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete…

Medium

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes…

Medium

CVE-2025-55123

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be a…

Medium

CVE-2025-55124

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.