CVE-2025-48828

Name of the Vulnerable Software and Affected Versions vBulletin (affected versions not specified)

Description Certain versions of vBulletin are susceptible to remote code execution due to improper handling of template conditionals within the template engine. Attackers can bypass security checks and execute arbitrary PHP code by crafting template code using an alternative PHP function invocation syntax, such as var dump("test"). This issue was exploited in the wild in May 2025. The vulnerability involves the misuse of template conditionals, potentially leading to system compromise. The vulnerability is related to the replaceAdTemplate function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.