CVE-2025-48986

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-48986

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48986.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48986

Published

2025-11-20T20:16:22.407Z

Modified

2026-04-10T05:28:52.730644Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.

References

https://hackerone.com/reports/3398283

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type

GIT

Repo

https://github.com/revive-adserver/revive-adserver

Events

Introduced

Last affected

672de5d24610163d8cd9f9ea70f82bdaba511d2d

Introduced

d30dee449a2da3d687c66fc4c162ed0b3e39482c

Last affected

1b81cb7e8d2babd447a91652da21100f6d34c8cd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.2"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.1"
        }
    ]
}

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v3.1.0-beta

v3.2.0

v3.2.0-beta

v3.2.1

v3.2.1-rc1

v4.*

v4.0.0

v4.0.0-rc1

v4.0.1

v4.0.2

v4.1.0

v4.1.0-rc1

v4.1.2

v4.1.3

v4.1.4

v4.2.0

v4.2.0-rc1

v4.2.1

v5.*

v5.0.0

v5.0.0-rc1

v5.0.1

v5.0.3

v5.0.4

v5.0.5

v5.1.0

v5.1.0-rc1

v5.1.1

v5.2.0

v5.2.1

v5.3.0

v5.3.0-rc1

v5.4.0

v5.4.0-rc1

v5.4.1

v5.5.0

v5.5.1

v5.5.2

v6.*

v6.0.0

v6.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48986.json"