Home > Vulnerability Database > CVE-2025-55155

Mend.io Vulnerability Database

CVE-2025-55155

Good to know:

Date: November 4, 2025

When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. Patches Fixed in 2.27.2. Workarounds None Credits Thanks to @ncrcs for discovering and reporting the issue.

Severity Score

5.4

Related Resources (6)

Url: https://mantisbt.org/bugs/view.php?id=36005

Url: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr

Url: https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e

Url: https://github.com/mantisbt/mantisbt

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55155

Url: https://www.mend.io/vulnerability-database/CVE-2025-55155

Severity Score

5.4

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Insertion of Sensitive Information Into Sent Data

CWE-201

Top Fix

Upgrade Version

Upgrade to version mantisbt/mantisbt - 2.27.2

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55155

Good to know:

Date: November 4, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?