Home > Vulnerability Database > CVE-2025-55155

Mend.io Vulnerability Database

CVE-2025-55155

Good to know:

Date: November 4, 2025

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.

Severity Score

4.4

Related Resources (6)

Url: https://mantisbt.org/bugs/view.php?id=36005

Url: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr

Url: https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e

Url: https://github.com/mantisbt/mantisbt

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55155

Url: https://www.mend.io/vulnerability-database/CVE-2025-55155

Severity Score

4.4

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Insertion of Sensitive Information Into Sent Data

CWE-201

Improper Validation of Integrity Check Value

CWE-354

Top Fix

Upgrade Version

Upgrade to version mantisbt/mantisbt - 2.27.2

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55155

Good to know:

Date: November 4, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?