Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

Published

2025-04-17T22:15:15.290

Last Modified

2025-04-24T14:14:21.430

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mybb	mybb	1.8.38	Yes

References

https://docs.mybb.com/1.8/administration/security/protection/#limit-access-to-private-hosts-and-ip-addresses Mitigation, Product ([email protected])
https://www.yuque.com/morysummer/vx41bz/qu7zyyxr84qno64e Exploit, Third Party Advisory ([email protected])