CVE-2023-25135

Tags: CRITICAL · EXPLOITED · NUCLEI

vBulletin < 5.6.9 PL1 - Unauthenticated Remote Code Execution via Deserialization


Exploitation Summary

CVE-2023-25135 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a functional exploit for CVE-2023-25135, a pre-authentication RCE vulnerability in vBulletin. The exploit leverages PHP deserialization via crafted user input to execute arbitrary commands on the target system.

Description

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. The root cause is that verify_serialized checks whether a value is serialized by calling unserialize on it and then checking for errors. Because PHP's unserialize() instantiates any class named in the payload and runs its magic methods (__wakeup during the call, __destruct once the result is discarded) before the caller can inspect the return value, the "verification" step is itself the deserialization sink, and any usable gadget chain in the codebase leads to code execution. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1; the corresponding releases without the PL1 patch level are affected.
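The pattern described above, as an added example that is not vBulletin's code and does not reproduce the actual patch: a "verify" helper that decides whether a string is serialized by running unserialize() on it, shown beside two hardened forms. The class LogWriter, its properties and the function names are hypothetical stand-ins; the inputs are constructed by hand. Assumes PHP 7.4 or later.

```php
<?php
// Added example (not vBulletin code): a "verify" helper that decides whether a
// string is serialized by running unserialize() on it, beside two hardened forms.
// Class and property names below are hypothetical. Requires PHP 7.4+.

// Stand-in for any application class whose magic methods act on attacker-controlled
// properties; real gadget chains reuse classes that already exist in the target.
class LogWriter
{
    public string $path = '';
    public string $data = '';

    // Fires inside unserialize() itself, i.e. while the "check" is running.
    public function __wakeup(): void
    {
        echo "[gadget] __wakeup ran during the check\n";
    }

    // Fires when the checker discards the temporary object it just built.
    public function __destruct()
    {
        echo "[gadget] __destruct would write {$this->data} to {$this->path}\n";
    }
}

// Vulnerable pattern: instantiates whatever the payload names, then looks at the result.
function verify_serialized_vulnerable(string $value): bool
{
    if ($value === 'b:0;') {          // the one input for which false is a valid result
        return true;
    }
    return @unserialize($value) !== false;
}

// Hardened: allowed_classes => false maps every O:/C: token to __PHP_Incomplete_Class,
// so no application class is instantiated and no magic method can run.
function verify_serialized_safe(string $value): bool
{
    if ($value === 'b:0;') {
        return true;
    }
    return @unserialize($value, ['allowed_classes' => false]) !== false;
}

// Pre-filter that never deserializes: reject anything carrying an object token.
// Coarse by design (it also matches the token inside a string payload), which is the
// right failure direction for a value that should only ever hold scalars or arrays.
function contains_serialized_object(string $value): bool
{
    return (bool) preg_match('/(^|[;{])[OC]:\d+:"/', $value);
}

// Constructed inputs: a hand-written object payload (no LogWriter is created by
// building the string) and a benign array of the kind a preference field holds.
$inputs = [
    'attacker object' => 'O:9:"LogWriter":2:{s:4:"path";s:10:"/tmp/pwned";s:4:"data";s:2:"hi";}',
    'benign array'    => 'a:1:{s:4:"view";s:4:"list";}',
];

foreach ($inputs as $label => $input) {
    echo "== $label ==\n";
    $v = verify_serialized_vulnerable($input) ? 'accepted' : 'rejected';
    $s = verify_serialized_safe($input)       ? 'accepted' : 'rejected';
    $o = contains_serialized_object($input)   ? 'yes' : 'no';
    echo "vulnerable verify: $v\nsafe verify:       $s\nhas object token:  $o\n";
}
```

Running this prints both "[gadget]" lines for the attacker input before the vulnerable checker even reports "accepted", while the allowed_classes variant accepts the same string without instantiating anything, and the token pre-filter flags it outright. When auditing a PHP codebase for this bug class, grep for every unserialize( call and trace whether its argument can originate from a request parameter, cookie or stored user preference; a call without ['allowed_classes' => false] (or a stricter allow-list) on such a path is the finding, regardless of what the surrounding code does with the result. For data that genuinely must round-trip from the client, JSON removes the object-instantiation surface entirely.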

Exploits (1)

Source: vulncheck_xdb (WORKING POC, remote)
https://github.com/ambionics/vbulletin-exploits


Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: vBulletin
Authentication: none needed
Prerequisites: Target URL · Command to execute
Analysis: devstral-2, Feb 25, 2026

Nuclei Templates (1)

vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution
Severity: CRITICAL · Verified · Authors: iamnoooob, rootxharsh, pdresearch
Shodan: http.component:"vBulletin" || http.html:"powered by vbulletin" || http.component:"vbulletin" || http.title:"powered by vbulletin" || cpe:"cpe:2.3:a:vbulletin:vbulletin"
FOFA: body="powered by vbulletin" || title="powered by vbulletin"

Scores

CVSS v3.1 base score: 9.8 (Critical)
EPSS: 0.2393 (97.5th percentile)
Attack vector: Network
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: yes
Technical impact: total

Details

VulnCheck KEV: added 2023-12-04
CWE: CWE-502 (Deserialization of Untrusted Data)
Status: published
Products (3)
vbulletin/vbulletin 5.6.7
vbulletin/vbulletin 5.6.8
vbulletin/vbulletin 5.6.9
Published: Feb 03, 2023
Tracked since: Feb 18, 2026