CVE-2025-8549
LOWDescription
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| pybbs_project | pybbs |
References
Advisories & Patches
Exploits
Frequently Asked Questions
What is CVE-2025-8549? +
How severe is CVE-2025-8549? +
What products are affected by CVE-2025-8549? +
How do I check if I'm vulnerable to CVE-2025-8549? +
Related Vulnerabilities
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through …
KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any …
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After …
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console …
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac …