CVE-2025-29457

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.38

Description An issue in MyBB allows a remote attacker to obtain sensitive information via the Import a Theme function. The supplier disputes this due to the allowed actions of Board administrators and SSRF mitigation.

Recommendations For MyBB version 1.8.38, consider disabling the Import a Theme function until a patch is available to prevent potential exploitation. Restrict access to sensitive information to minimize the risk of disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.