CVE-2025-8548

Source
https://cve.org/CVERecord?id=CVE-2025-8548
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8548.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8548
Published
2025-08-05T07:15:35.627Z
Modified
2026-04-10T05:37:17.783591Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/atjiu/pybbs

Affected ranges

Type
GIT
Repo
https://github.com/atjiu/pybbs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/tomoya92/pybbs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0"
        }
    ]
}

Affected versions

jfinalbbs2.*
jfinalbbs2.0
jfinalbbs2.1
jfinalbbs2.2
pybbs-4.*
pybbs-4.0-beta
pybbs2.*
pybbs2.5
pybbs2.5-lastest
pybbs2.6
pybbs4.*
pybbs4.0-release
v5.*
v5.0
v5.1.0
v5.2.0
v5.2.1
v6.*
v6.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8548.json"