Home > Vulnerability Database > CVE-2025-8546

Mend.io Vulnerability Database

CVE-2025-8546

Good to know:

Date: August 5, 2025

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.

Severity Score

5.3

Related Resources (9)

Url: https://github.com/atjiu/pybbs/issues/199#issue-3256276118

Url: https://github.com/atjiu/pybbs/commit/ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf

Url: https://vuldb.com/?submit.622179

Url: https://vuldb.com/?id.318675

Url: https://vuldb.com/?ctiid.318675

Url: https://github.com/atjiu/pybbs/issues/199

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8546

Url: https://github.com/atjiu/pybbs/issues/199#issuecomment-3134573731

Url: https://www.mend.io/vulnerability-database/CVE-2025-8546

Severity Score

5.3

Weakness Type (CWE)

Improper Authentication

CWE-287

Guessable CAPTCHA

CWE-804

Top Fix

Upgrade Version

Upgrade to version https://github.com/atjiu/pybbs.git - no_fix

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8546

Good to know:

Date: August 5, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?