What is CVE-2023-25135?

CVE-2023-25135 is a vulnerability in N/a. Published 2023-02-03.

Is CVE-2023-25135 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-25135

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling uns…

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
Sachinart/vbulletin-rce
ambionics/vbulletin-exploits
getdrive/PoC
iluaster/getdrive_
izj007/wechat
netlas-io/netlas-dorks
tavkhid/CVE
tawkhidd/CVE
whoami13apt/files2

References

www.ambionics.io/blog/vbulletin-unserializable-but-unreachable
forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/44…

Frequently asked questions

What is CVE-2023-25135?: CVE-2023-25135 is a vulnerability in N/a. Published 2023-02-03.
Is CVE-2023-25135 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.