CVE-2025-71282

Published: Apr 01, 2026
Last Modified: Apr 01, 2026
HIGH 8.7
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 7.5
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.

CWE-209: Generation of Error Message Containing Sensitive Information

Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Languages: Java, Not Language-Specific, PHP
https://www.vulncheck.com/advisories/xenforo-path-disclosure-via-open-basedir-e…
https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-…