PT-2025-44804 · Unknown · Mantis Bug Tracker

Published: 2025-11-03 · Updated: 2025-11-05 · CVE-2025-55155

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker versions 2.27.1 and below

Description: Mantis Bug Tracker is an open source issue tracker. When a user modifies their profile to update their email address, the system saves the change without verifying ownership. This can lead to storing an invalid email address, potentially preventing the user from receiving system notifications. Notifications being sent to an incorrect email address could result in information disclosure.

Recommendations: Update to version 2.27.2 or later.

Exploit

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2025-55155
GHSA-Q747-C74M-69PR

Affected Products

Mantis Bug Tracker