Xenforo · Xenforo · CVE-2025-71282
Name of the Vulnerable Software and Affected Versions
XenForo versions prior to 2.3.7
Description
XenForo versions prior to 2.3.7 disclose filesystem paths through exception messages triggered by `open_basedir` restrictions. This allows an attacker to obtain information about the server's directory structure.
Recommendations
Update to version 2.3.7 or later.