Vulnerability Monitor


CVE-2025-55155


Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.


Published

2025-11-04T21:15:39.280

Last Modified

2025-11-10T18:02:32.813

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-201
    CWE-354

Affected Vendors & Products
Type        | Vendor   | Product  | Version/Range | Vulnerable?
Application | mantisbt | mantisbt | < 2.27.2      | Yes

References