CVE-2025-71280

CVSS v3.1

6.2

Medium

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-71280

Affected Products

Xenforo

CVE-2025-71280

Weakness Enumeration

Related Identifiers

Affected Products

References · 3