CVE-2023-25135

Name of the Vulnerable Software and Affected Versions vBulletin versions prior to 5.6.9 PL1

Description The issue is related to the restoration of untrusted data in memory, allowing a remote attacker to execute arbitrary code via a specially crafted HTTP request. This occurs due to the verify serialized function checking if a value is serialized by calling unserialize and then checking for errors. Over 10,000 targets related to this issue were identified.

Recommendations For versions prior to 5.6.9 PL1, update to version 5.6.9 PL1 or later to resolve the issue. As a temporary workaround, consider restricting access to the verify serialized function until a patch is available. Avoid using the unserialize function in the affected API endpoint until the issue is resolved.