PT-2025-12399 · Simple Machines · Simplemachines Smf

Fewwords · Published 2025-03-21 · Updated 2025-04-21 · CVE-2025-2582

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4

Description: A problem was found in SimpleMachines SMF and classified as problematic. It affects some unknown functionality of the file ManageAttachments.php. The manipulation of the Notice argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.

Recommendations: For SimpleMachines SMF version 2.1.4, as a temporary workaround, consider restricting access to the ManageAttachments.php file until a patch is available. Avoid using the Notice argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-2582

Affected Products

Simplemachines Smf