CVE-2025-12297

MEDIUM

pybbs < 6.0.0 - Information Disclosure in UserApiController

Title source: llm

Description

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry

https://vuldb.com/?id.329965

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.329965

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.675906

Exploit, Third Party Advisory exploit

https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc

Scores

CVSS v3 4.3

EPSS 0.0030

EPSS Percentile 21.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-284

Status published

Products (1)

pybbs_project/pybbs < 6.0.0

Published Oct 27, 2025

Tracked Since Feb 18, 2026