Tag: CVE-2025-48827
All the articles with the tag "CVE-2025-48827".
-
[CVE-2025-48827] vBulletin’s Reflection Mix-up Lets Anyone Reach Protected API Methods
When vBulletin runs on PHP 8.1 or later, a change in the Reflection API breaks the application’s access controls. Unauthenticated attackers can call protected controller methods, a primitive that has already been chained to remote code execution in the wild.