CVE-2025-48828

CRITICAL EXPLOITED NUCLEI

vBulletin - RCE

Description

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

Exploits (2)

nomisec WORKING POC
by ill-deed · remote
https://github.com/ill-deed/vBulletin-CVE-2025-48828-Multi-target

metasploit WORKING POC EXCELLENT
by Egidio Romano (EgiX), Valentin Lobstein · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vbulletin_replace_ad_template_rce.rb

Nuclei Templates (1)

vBulletin replaceAdTemplate - Remote Code Execution
CRITICAL VERIFIED by DhiyaneshDK, Chocapikk
Shodan: http.component:"vBulletin"
FOFA: app="vBulletin"

Scores

CVSS v3 9.0
EPSS 0.7368
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2025-05-26
CWE CWE-424
Status published
Products (1)
vbulletin/vbulletin 6.0.3
Published May 27, 2025
Tracked Since Feb 18, 2026