CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-29457

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.0%

CVSS Severity

CVSS v3 Score 7.6

References

https://docs.mybb.com/1.8/administration/security/protection/#limit-access-to-private-hosts-and-ip-addresses
https://www.yuque.com/morysummer/vx41bz/vro4dvxzuiwlg6uv

Products affected by CVE-2025-29457

Mybb » Mybb » Version: 1.8.38

cpe:2.3:a:mybb:mybb:1.8.38

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-29457

Products

Pricing

Contact Us