Platform
php
Component
mybb
Fixed in
1.8.40
CVE-2025-48940 describes a Local File Inclusion (LFI) vulnerability affecting MyBB forum software versions prior to 1.8.39. This vulnerability allows attackers to potentially read arbitrary files on the server if the upgrade process is accessible and the installer is unlocked. The vulnerability is resolved in MyBB version 1.8.39, and users are strongly advised to upgrade immediately.
Successful exploitation of CVE-2025-48940 could allow an attacker to read sensitive files from the MyBB server. This includes configuration files containing database credentials, user data, or other critical information. The attacker needs to have access to the upgrade script, typically achieved by re-installing the forum or by being an authenticated administrator. While the vulnerability requires the installer to be unlocked, this is a relatively common configuration, especially on older or less-secure deployments. The potential impact ranges from data breaches to complete server compromise, depending on the files accessed and the attacker's subsequent actions.
CVE-2025-48940 was publicly disclosed on June 2, 2025. There is currently no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) exploits have been released as of this date. The vulnerability has not been added to the CISA KEV catalog.
Organizations running MyBB forum software, particularly those using older, unpatched versions (≤ 1.8.39), are at risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as an attacker could potentially exploit this vulnerability on one user's forum and gain access to other users' data.
• php: Examine web server access logs for requests containing unusual parameters in the install/index.php URL. Look for patterns indicative of file path traversal attempts.
  grep 'install/index.php[?&].*' /var/log/apache2/access.log
• php: Check for the presence of the install/lock file. Its absence indicates a potential vulnerability.
  ls -l /path/to/mybb/install/lock
• generic web: Monitor file system integrity for unexpected modifications to sensitive files, particularly those related to MyBB configuration.
• generic web: Review MyBB forum administrator accounts for suspicious login activity or unauthorized access attempts.
Disclosure
Exploit status
EPSS
0.14% (34th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-48940 is to immediately upgrade MyBB to version 1.8.39 or later. If upgrading is not immediately feasible, ensure the install/lock file exists to prevent access to the upgrade script. Additionally, restrict access to the install/index.php file if the forum has already been installed. Consider implementing a Web Application Firewall (WAF) with rules to block suspicious requests targeting the upgrade script with potentially malicious parameters. After upgrading, verify the fix by attempting to access the upgrade script with a crafted parameter and confirming that access is denied.
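The log review and the install/lock check above, combined into one defender-side script. This is an added example, not code from the advisory or from the MyBB project; the log lines, the client addresses, the query parameter name, the traversal patterns and the document-root path are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag install/index.php requests whose query string carries
# path-traversal sequences, and report whether install/lock is present.
# Sample log lines, parameter names and paths are constructed, not real data.

# Constructed Apache combined-format access-log lines for offline use.
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.5 - - [02/Jun/2025:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [02/Jun/2025:10:00:07 +0000] "GET /forum/install/index.php?param=upgrade HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Jun/2025:10:01:15 +0000] "GET /forum/install/index.php?param=../../../etc/passwd HTTP/1.1" 200 980 "-" "curl/8.0"
198.51.100.9 - - [02/Jun/2025:10:01:16 +0000] "GET /forum/install/index.php?param=..%2F..%2Finc/config.php HTTP/1.1" 200 640 "-" "curl/8.0"
EOF
)

# Read log lines on stdin; print those that hit install/index.php with a
# query string and contain a traversal-looking sequence: literal "../",
# URL-encoded "..%2f" (any case) or a fully encoded "%2e%2e".
suspicious_install_requests() {
    grep -i 'install/index\.php[?&]' | grep -iE '\.\./|\.\.%2f|%2e%2e'
}

# Number of suspicious lines in the constructed sample (expected: 2).
count_suspicious() {
    printf '%s\n' "$SAMPLE_LOG" | suspicious_install_requests | wc -l | tr -d ' '
}

# Print "locked" if $1/install/lock exists, otherwise "UNLOCKED".
# $1 is the MyBB document root (assumed path, e.g. /var/www/mybb).
installer_lock_state() {
    if [ -f "$1/install/lock" ]; then
        echo locked
    else
        echo UNLOCKED
    fi
}

# Stand-alone run: review the sample log and check an assumed install path.
printf '%s\n' "$SAMPLE_LOG" | suspicious_install_requests
echo "suspicious requests: $(count_suspicious)"
echo "installer: $(installer_lock_state /var/www/mybb)"
```

Point the first pipeline at the real access log instead of the sample and run the lock check against the actual document root; an UNLOCKED result on an installed forum is the condition the advisory says to close.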
Upgrade MyBB to version 1.8.39 or later. This version fixes the local file inclusion vulnerability. Make sure the `install/lock` file is present to prevent unauthorized access to the installer.
CVE-2025-48940 is a Local File Inclusion (LFI) vulnerability in MyBB forum software versions 1.8.39 and earlier, allowing attackers to potentially read sensitive files.
You are affected if you are using MyBB version 1.8.39 or earlier. Upgrade to version 1.8.39 to resolve the vulnerability.
Upgrade MyBB to version 1.8.39. Ensure the install/lock file is present and restrict access to the install/index.php script.
As of now, there is no confirmed active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official MyBB security advisory for detailed information and updates: [https://docs.mybb.com/security/security-advisories/](https://docs.mybb.com/security/security-advisories/)