CVE-2025-52666

LOW

Revive-adserver Revive Adserver < 5.5.2 - Format String Vulnerability

Title source: rule

Description

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions lets an administrator user disable the admin user console through a fatal PHP error.

Scores

CVSS v3 2.7
EPSS 0.0009
EPSS Percentile 26.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Classification

CWE CWE-134
Status published

Affected Products (1)

revive-adserver/revive_adserver < 5.5.2

Timeline

Published Nov 20, 2025
Tracked Since Feb 18, 2026