CVE-2025-71280

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions XenForo versions prior to 2.3.7

Description XenForo before version 2.3.7 allows information disclosure through local account page caching on shared systems. When multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.

Recommendations Update to version 2.3.7 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-71280

Affected Products

Xenforo

CVE-2025-71280

Weakness Enumeration

Related Identifiers

Affected Products

References · 5