PT-2025-52332 · Simple Machines · Simple Machines Forum
Mbiesiad · Published 2025-12-18 · Updated 2025-12-31
CVE-2025-67163
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Simple Machines Forum version 2.1.6
Description
A stored cross-site scripting (XSS) issue exists in Simple Machines Forum. Successful exploitation allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Forum Name parameter.
Recommendations
Update Simple Machines Forum to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the Forum Name parameter to prevent the injection of malicious scripts.
Exploit
Fix
XSS
RCE
Related Identifiers
Affected Products
Simple Machines Forum