PT-2026-29418 · Xenforo · Xenforo
Ticktackk · Published 2026-04-01 · Updated 2026-04-01
CVE-2025-71282
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
XenForo versions prior to 2.3.7
Description
XenForo versions prior to 2.3.7 disclose filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.
Recommendations
Update to version 2.3.7 or later.
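An added example, not part of the original advisory or of XenForo's code: a checker an operator can run over saved error-page bodies or log lines to see whether open_basedir messages expose paths, and to redact them before sharing. It assumes the exception text carries PHP's standard open_basedir warning unchanged; the function names and sample bodies are constructed for illustration.

```python
import re

# PHP's standard open_basedir warning text. Assumption: the exception
# message embeds it unchanged (the advisory does not quote the message).
LEAK_RE = re.compile(
    r"open_basedir restriction in effect\.\s*File\((?P<file>[^)]*)\)"
    r" is not within the allowed path\(s\):\s*\((?P<allowed>[^)]*)\)"
)
REDACTED = ("open_basedir restriction in effect. File([redacted]) "
            "is not within the allowed path(s): ([redacted])")


def find_path_leaks(body):
    """Return the file path and allowed-path list from each leaked message."""
    leaks = []
    for m in LEAK_RE.finditer(body):
        allowed = m.group("allowed")
        # open_basedir entries are ';'-separated on Windows, ':' elsewhere.
        windows = ";" in allowed or re.match(r"[A-Za-z]:[\\/]", allowed)
        parts = [p for p in allowed.split(";" if windows else ":") if p]
        leaks.append({"file": m.group("file"), "allowed": parts})
    return leaks


def redact(body):
    """Replace leaked paths so a body or log line can be shared safely."""
    return LEAK_RE.sub(REDACTED, body)


# Constructed sample response bodies (not captured from a real site).
SAMPLES = {
    "leaky": "<p>ErrorException: file_exists(): open_basedir restriction in "
             "effect. File(/srv/example/data/x.txt) is not within the "
             "allowed path(s): (/srv/example/www:/tmp)</p>",
    "windows": "is_dir(): open_basedir restriction in effect. "
               "File(C:\\sites\\example\\data) is not within the allowed "
               "path(s): (C:\\sites\\example\\www;C:\\temp)",
    "generic": "<h1>Oops! We ran into some problems.</h1>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, find_path_leaks(body))
```

Paths that themselves contain a closing parenthesis are cut short by this pattern, so treat a match as a signal to inspect the full message.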
Fix
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Xenforo