CVE-2025-48827 – vBulletin Unauthenticated API Controller Method Invocation Vulnerability

CVE ID : CVE-2025-48827

Published : May 27, 2025, 4:15 a.m. | 1 hour, 19 minutes ago

Description : vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers’ methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…