PT-2025-44037 · Pilos+2
Published: 2025-10-27 · Updated: 2025-11-04
CVE-2025-62524
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PILOS versions prior to 4.8.0
Description
PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The PHP version can also be determined by examining the PILOS version displayed in the footer and reviewing the source code on GitHub. This issue stems from the base PHP image used.
Recommendations
Update to PILOS version 4.8.0 or later.
Information Disclosure
Affected Products
BigBlueButton
PHP
PILOS