CVE-2025-52666

LOW

Revive-adserver Revive Adserver < 5.5.2 - Format String Vulnerability

Title source: rule

Description

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows an administrator user to disable the admin user console due to a fatal PHP error.

Scores

CVSS v3 2.7
EPSS 0.0010
EPSS Percentile 26.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-134
Status published
Products (1)
revive-adserver/revive_adserver < 5.5.2
Published Nov 20, 2025
Tracked Since Feb 18, 2026