PT-2025-31910 · Unknown · Atjiu Pybbs

Zast.Ai · Published 2025-08-05 · Updated 2025-08-05 · CVE-2025-8549

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
atjiu pybbs versions up to 6.0.0

Description
A critical issue exists in atjiu pybbs up to version 6.0.0 related to weak password requirements in the update function of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. Additionally, a cross-site scripting issue affects an unknown functionality in the file /admin/topic/list, triggered by manipulating the Username argument. Both issues are remotely exploitable, and exploits have been publicly disclosed.

Recommendations
Apply patch d09cb19a8e7d7e5151282926ada54080244d499f to address the weak password requirements. Apply patch 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 to address the cross-site scripting issue.

Related Identifiers

CVE-2025-8549

Affected Products

Atjiu Pybbs