PT-2025-30595 · Vbulletin · Vbulletin
Published
2025-07-23
·
Updated
2025-07-23
·
CVE-2025-46171
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
vBulletin version 3.8.7
Description
vBulletin is susceptible to a denial-of-service condition through the
misc.php?do=buddylist endpoint. Processing a large buddy list by an authenticated user can lead to excessive memory consumption, potentially exhausting system resources and causing the forum to crash.Recommendations
For vBulletin version 3.8.7, limit the size of buddy lists to prevent excessive memory usage.
Exploit
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vbulletin