Security flaw in vBulletin forum software exploited by hackers


  • Security researchers find two flaws in vBulletin
  • Both are critical in severity, and can be chained for RCE
  • One of the flaws is being actively exploited

A critical security vulnerability found in the popular forum software vBulletin is being abused in the wild, experts have claimed.

Cybersecurity researcher Ryan Dewhurst, who claims to have seen exploitation attempts in the wild, says the vulnerability can in theory be used to grant the attackers remote code execution (RCE) capabilities.

Dewhurst says the bug, tracked as CVE-2025-48827, is described as an API method invocation flaw, with a severity score of 10/10 (critical). It affects vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, running on PHP 8.1 and later.


Dewhurst said that he first saw exploitation attempts in his honeypot on May 26. The attacks originated in Poland, he added, stressing that PoCs had been available for a few days by that point.

It is also worth mentioning that the bug was first spotted by security researcher Egidio Romano (EgiX), who also observed a “Template Conditionals in the template engine” vulnerability, tracked as CVE-2025-48828.

This one has a severity score of 9.0/10 (critical), and grants the attackers remote code execution (RCE) capabilities. These two can allegedly be chained together, but so far, the researchers haven’t seen the chain in the wild.

According to BleepingComputer, the bug was probably patched quietly, when Patch Level 1 (for all versions of the 6 branch) and Patch Level 3 (for version 5.7.5) were released. The publication claims that many sites remain at risk since not all admins are diligent when it comes to patching.
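For admins who need to sort a list of forum installs against the figures reported above, the following is an added example, not code from vBulletin or the researchers. It encodes only the affected ranges, the PHP 8.1 condition and the patch levels named in this article; the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Affected vBulletin ranges and PHP floor as stated in the article.
AFFECTED = [((5, 0, 0), (5, 7, 5)), ((6, 0, 0), (6, 0, 3))]
MIN_PHP = (8, 1)

def parse(version):
    """Turn '5.7.5' or '8.1.27-ubuntu' into a tuple of up to three ints."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def fixing_patch_level(vb):
    """Patch level the article reports (as 'probably') fixing the bug."""
    if vb[0] == 6:
        return 1            # Patch Level 1 for the 6 branch
    if vb == (5, 7, 5):
        return 3            # Patch Level 3 for 5.7.5
    return None             # the article names no patch for older 5.x

def triage(vbulletin, php, patch_level=0):
    """Classify one install; patch_level 0 means no patch level applied."""
    vb = parse(vbulletin)
    vb += (0,) * (3 - len(vb))                  # '6.0' -> (6, 0, 0)
    if not any(lo <= vb <= hi for lo, hi in AFFECTED):
        return "not-in-affected-range"
    if not php:
        return "review-php-unknown"
    if parse(php)[:2] < MIN_PHP:
        return "php-precondition-not-met"       # still on an affected release
    need = fixing_patch_level(vb)
    if need is not None and patch_level >= need:
        return "patched"
    return "exposed"

def report(inventory):
    """Map each host to its status."""
    return {h: triage(vb, php, pl) for h, vb, php, pl in inventory}

# Constructed sample inventory: (host, vBulletin, PHP, patch level).
SAMPLE = [
    ("forum-a.example", "5.7.5", "8.2.1", 0),
    ("forum-b.example", "5.7.5", "8.2.1", 3),
    ("forum-c.example", "6.0.2", "7.4.33", 0),
    ("forum-d.example", "5.6.9", "8.1.0", 0),
    ("forum-e.example", "6.0.4", "8.3.6", 0),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host:18} {status}")
```

Installs reported as `php-precondition-not-met` are still on an affected release and move to `exposed` as soon as PHP is upgraded to 8.1 or later.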

vBulletin, BleepingComputer further stresses, is one of the most widely used commercial PHP/MySQL-based forum platforms, powering thousands of online communities globally.

It owes its popularity, among other things, to its modular design, which makes it both flexible and complex. It also makes it somewhat more exposed to threats.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
