Home > Vulnerability Database > CVE-2025-8549

Mend.io Vulnerability Database

CVE-2025-8549

Date: August 5, 2025

A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.

Severity Score

3.7

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8549

Url: https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216

Url: https://github.com/atjiu/pybbs/issues/201

Url: https://vuldb.com/?id.318678

Url: https://github.com/atjiu/pybbs/commit/d09cb19a8e7d7e5151282926ada54080244d499f

Url: https://vuldb.com/?ctiid.318678

Url: https://github.com/atjiu/pybbs/issues/201#issue-3256288016

Url: https://vuldb.com/?submit.622187

Url: https://www.mend.io/vulnerability-database/CVE-2025-8549

Severity Score

3.7

Weakness Type (CWE)

Weak Password Requirements

CWE-521

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8549

Date: August 5, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?