Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-8548

Date: August 5, 2025

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.

Severity Score

Related Resources (9)

https://nvd.nist.gov/vuln/detail/CVE-2025-8548
https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615
https://vuldb.com/?id.318677
https://github.com/atjiu/pybbs/issues/202
https://vuldb.com/?ctiid.318677
https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a
https://vuldb.com/?submit.622186
https://github.com/atjiu/pybbs/issues/202#issue-3256293499
https://www.mend.io/vulnerability-database/CVE-2025-8548

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Generation of Error Message Containing Sensitive Information

CWE-209

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us