Home > Vulnerability Database > CVE-2025-62524

Mend.io Vulnerability Database

CVE-2025-62524

Good to know:

Date: October 27, 2025

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0.

Severity Score

5.3

Related Resources (4)

Url: https://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8

Url: https://github.com/THM-Health/PILOS/security/advisories/GHSA-q93h-5j6h-j22x

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62524

Url: https://www.mend.io/vulnerability-database/CVE-2025-62524

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

Top Fix

Upgrade Version

Upgrade to version https://github.com/THM-Health/PILOS.git - v4.8.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62524

Good to know:

Date: October 27, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?