CVE-2025-46171
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-23

Last updated on: 2025-07-28

Assigner: MITRE

Description
vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing the forum.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-23
Last Modified
2025-07-28
Generated
2026-05-07
AI Q&A
2025-07-23
EPSS Evaluated
2026-05-05
NVD
CVE-2025-46171
EUVD
EUVD-2025-22462
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vbulletin vbulletin 3.8.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

vBulletin 3.8.7 has a vulnerability in the misc.php?do=buddylist endpoint where an authenticated user with a very large buddy list can cause excessive memory consumption during processing. This can exhaust system resources and crash the forum, resulting in a denial-of-service condition.


How can this vulnerability impact me? :

This vulnerability can impact you by causing the vBulletin forum to crash due to resource exhaustion when processing large buddy lists. This denial-of-service condition can make the forum unavailable to users, disrupting normal operations and potentially affecting user experience and business continuity.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart