CVE-2025-47776

CRITICAL

MantisBT <2.27.1 - Auth Bypass

Title source: llm

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.

References (2)

[Issue Tracking, Mitigation, Vendor Advisory] https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37

[Patch] https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2

View Patch ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0008

EPSS Percentile 24.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-305

Status published

Products (2)

mantisbt/mantisbt < 2.27.2

mantisbt/mantisbt 0 - 2.27.2Packagist

Published Nov 04, 2025

Tracked Since Feb 18, 2026