Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-29460

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

Published

2025-04-17T22:15:15.493

Last Modified

2025-04-25T16:27:20.303

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mybb	mybb	1.8.38	Yes

References

https://docs.mybb.com/1.8/administration/security/protection/#limit-access-to-private-hosts-and-ip-addresses Product ([email protected])
https://www.yuque.com/morysummer/vx41bz/fgg059stiog457ch Third Party Advisory ([email protected])