

Ethical Hacking News

Hackers Exploit Critical vBulletin Flaw, Putting Thousands of Online Communities at Risk


Two critical vulnerabilities have been discovered in the vBulletin forum software, putting thousands of online communities at risk. Attackers can exploit these flaws to invoke protected methods through PHP's Reflection API and execute arbitrary commands on the underlying server.

  • Security researchers have identified two critical vulnerabilities in the vBulletin forum software, CVE-2025-48827 and CVE-2025-48828.
  • The first vulnerability is an API method invocation flaw that lets an attacker invoke protected methods through PHP's Reflection API.
  • The second vulnerability allows remote code execution (RCE) through abuse of the template engine.
  • Attackers can exploit these flaws to plant backdoors and execute arbitrary commands on the underlying server.
  • Forum administrators are advised to apply security updates or migrate to version 6.1.1, which is not affected by these flaws.



In a recent development that has sent shockwaves through the online community, security researchers have identified two critical vulnerabilities in the widely used forum software vBulletin. These flaws, tracked as CVE-2025-48827 and CVE-2025-48828, pose a significant risk to the thousands of online communities that rely on the platform for their online presence.

The first vulnerability, CVE-2025-48827, is an API method invocation flaw: an attacker can invoke protected methods through PHP's Reflection API without any explicit accessibility adjustment, effectively creating a backdoor into the application. The second vulnerability, CVE-2025-48828, is a remote code execution (RCE) flaw arising from abuse of the template engine. An attacker can inject malicious template code into the vBulletin platform and thereby execute arbitrary commands on the underlying server.

According to Egidio Romano, the security researcher who discovered these flaws, the vulnerability chain rests on two abilities: invoking protected methods via crafted URLs, and misusing template conditionals inside vBulletin's template engine. By injecting crafted template code through the vulnerable 'replaceAdTemplate' method, attackers can bypass the engine's "unsafe function" filters and achieve unauthenticated remote code execution on the underlying server.
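To make the first flaw concrete, here is an added example (not vBulletin's code, nor code from the researcher) of a minimal reflective API dispatcher written in PHP. The AdController class, its method names, the simulated request and the allowlist are assumptions for illustration. What it shows is the visibility check a dispatcher must perform itself: before PHP 8.1, ReflectionMethod::invoke() refused a protected method unless setAccessible(true) had been called; from PHP 8.1 onward reflection treats every method as accessible, so a dispatcher that relied on that implicit refusal silently starts exposing its protected methods.

```php
<?php
// Added example (not vBulletin code): a minimal reflective API dispatcher in the
// style the article describes, and the check that closes the protected-method hole.
// Controller class, method names and request shape are assumptions for illustration.

declare(strict_types=1);

final class AdController
{
    // Intended to be reachable over the API.
    public function listAds(): array
    {
        return ['ads' => []];
    }

    // Internal helper: never meant to be callable from a URL.
    protected function replaceAdTemplate(string $template): string
    {
        return "stored: {$template}";
    }
}

/**
 * Vulnerable pattern: the method name comes straight from the request and is
 * invoked through reflection. On PHP < 8.1 invokeArgs() on a protected method
 * throws ReflectionException unless setAccessible(true) was called; since PHP 8.1
 * reflection considers every method accessible, so the implicit check is gone.
 */
function dispatchUnsafe(object $controller, string $method, array $args): mixed
{
    $rm = new ReflectionMethod($controller, $method);
    return $rm->invokeArgs($controller, $args);
}

/**
 * Hardened pattern: the callable surface is an explicit allowlist, and the
 * method's visibility is checked rather than left to reflection's defaults.
 */
function dispatchSafe(object $controller, string $method, array $args, array $allowlist): mixed
{
    if (!in_array($method, $allowlist, true)) {
        throw new RuntimeException("method not exposed: {$method}");
    }
    $rm = new ReflectionMethod($controller, $method);
    if (!$rm->isPublic() || $rm->isStatic() || str_starts_with($method, '__')) {
        throw new RuntimeException("method not public: {$method}");
    }
    return $rm->invokeArgs($controller, $args);
}

$controller = new AdController();
$allowlist  = ['listAds'];          // the only method the API is meant to expose

// Simulated request naming the protected helper directly (constructed input).
$requested = 'replaceAdTemplate';
$args      = ['<constructed template string>'];

try {
    // On PHP 8.1+ this call succeeds and returns the "stored: ..." string.
    var_dump(dispatchUnsafe($controller, $requested, $args));
} catch (ReflectionException $e) {
    echo "unsafe dispatcher refused (pre-8.1 behaviour): {$e->getMessage()}\n";
}

try {
    dispatchSafe($controller, $requested, $args, $allowlist);
} catch (RuntimeException $e) {
    echo "safe dispatcher refused: {$e->getMessage()}\n";
}
```

Run it with `php dispatcher.php` on PHP 8.1 or later: the unsafe dispatcher happily returns the result of the protected method, while the hardened one rejects the request first on the allowlist and, should a name slip past the allowlist, again on the explicit isPublic() check. The allowlist matters because isPublic() alone still exposes every public method, including ones added later by a developer who never considered them as network-reachable.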

Ryan Dewhurst, another security researcher, reported seeing exploitation attempts in honeypot logs and traced one of the attackers to Poland. The attacks appear to leverage the exploit published by Romano and have been observed attempting to deploy PHP backdoors that execute system commands. While there is evidence of active exploitation, it is not yet clear whether attackers have successfully chained both vulnerabilities together.
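Administrators who want to check their own access logs for the kind of probing described above can start from the one concrete indicator the article gives, the 'replaceAdTemplate' method name. The following PHP script is an added example, not code from the article, the researchers or vBulletin: it parses combined-format access log lines, flags requests whose decoded path names that method, and tallies them per source address. The log lines are constructed, and the /ajax/api/ad/ path they use is an assumption, not something the article states.

```php
<?php
// Added example (not from the article or vBulletin): scan web-server access logs
// for requests that name the replaceAdTemplate method and tally them by source.
// The sample log lines are constructed; the /ajax/api/ad/ path is an assumption.

declare(strict_types=1);

// Combined log format: ip ident user [time] "METHOD path HTTP/x" status bytes "ref" "ua"
const LOG_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3})/';

function findSuspiciousRequests(iterable $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match(LOG_RE, $line, $m)) {
            continue;                          // unparseable line: skip, never abort the scan
        }
        $decoded = rawurldecode($m['path']);   // also catch %-encoded spellings of the name
        if (stripos($decoded, 'replaceAdTemplate') === false) {
            continue;
        }
        $hits[] = [
            'ip'     => $m['ip'],
            'time'   => $m['time'],
            'method' => $m['method'],
            'path'   => $m['path'],
            'status' => (int) $m['status'],
        ];
    }
    return $hits;
}

function summariseBySource(array $hits): array
{
    $perIp = [];
    foreach ($hits as $h) {
        $perIp[$h['ip']] = ($perIp[$h['ip']] ?? 0) + 1;
    }
    arsort($perIp);                            // noisiest source first
    return $perIp;
}

// Constructed sample: two probes from one source (one %-encoded), one probe that was
// blocked with 403, ordinary forum traffic, and a line that does not parse at all.
$sample = [
    '203.0.113.10 - - [30/May/2025:14:02:11 +0000] "GET /forum/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/May/2025:14:02:15 +0000] "POST /ajax/api/ad/replaceAdTemplate HTTP/1.1" 200 412 "-" "python-requests/2.31"',
    '198.51.100.7 - - [30/May/2025:14:02:16 +0000] "GET /ajax/api/ad/replace%41dTemplate?x=1 HTTP/1.1" 200 410 "-" "python-requests/2.31"',
    '203.0.113.44 - - [30/May/2025:14:05:01 +0000] "POST /ajax/api/ad/replaceAdTemplate HTTP/1.1" 403 0 "-" "curl/8.0"',
    'garbage line that does not parse',
];

$hits = findSuspiciousRequests($sample);
foreach ($hits as $h) {
    printf("%s %s %s %s -> %d\n", $h['time'], $h['ip'], $h['method'], $h['path'], $h['status']);
}
foreach (summariseBySource($hits) as $ip => $n) {
    printf("%-16s %d request(s)\n", $ip, $n);
}
```

Against the constructed sample the script reports three hits, two from 198.51.100.7 and one from 203.0.113.44; a real run would replace `$sample` with `new SplFileObject('/var/log/apache2/access.log')` or similar. A 200 response to such a request on an unpatched host is the line worth escalating, since it means the call reached the controller rather than being blocked at the web server.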

vBulletin, one of the most widely used commercial PHP/MySQL forum platforms worldwide, has a complex design that makes it both flexible and exposed. Its modular architecture brings benefits such as mobile APIs and AJAX interfaces, but each of those entry points also widens the attack surface. In the past, attackers have leveraged severe flaws in the platform to breach popular forums and steal sensitive data belonging to large numbers of users.

Forum administrators are advised to apply the security updates for their vBulletin installation or migrate to the latest release, version 6.1.1, which is not affected by these flaws. Online communities should treat this as a priority and take proactive measures to protect themselves against such vulnerabilities.

In conclusion, the discovery of these critical vulnerabilities in vBulletin underlines the importance of regular updates and prompt patching. Online communities must remain vigilant and take all necessary steps to protect themselves from such threats.




Related Information:

  • https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Critical-vBulletin-Flaw-Putting-Thousands-of-Online-Communities-at-Risk-ehn.shtml
  • https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-flaw-in-vbulletin-forum-software/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-48827
  • https://www.cvedetails.com/cve/CVE-2025-48827/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-48828
  • https://www.cvedetails.com/cve/CVE-2025-48828/


Published: Fri May 30 15:18:27 2025 by llama3.2 3B Q4_K_M

© Ethical Hacking News. All rights reserved.