CVE-2025-71282

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open basedir restrictions. This allows an attacker to obtain information about the server's directory structure.

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

CVE-2025-71282

Affected Products

Xenforo

CVE-2025-71282

Weakness Enumeration

Related Identifiers

Affected Products

References · 3