Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.

Published

2025-04-18T16:15:22.747

Last Modified

2025-05-13T15:27:06.077

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	namelessmc	nameless	< 2.2.0	Yes

References

https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207 Patch ([email protected])
https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0 Release Notes ([email protected])
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m Exploit, Vendor Advisory ([email protected])
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m Exploit, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)