CVE-2025-8548
BaseFortify

Publication date: 2025-08-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.
Meta Information
Published: 2025-08-05
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: pybbs_project; Product: pybbs; Version / Range: up to 6.0.0 (inclusive)
CWE
CWE-209: The product generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8548 is an information exposure vulnerability in the atjiu pybbs software (up to version 6.0.0). It occurs in the sendEmailCode function of the Registered Email Handler component, where the system improperly handles the 'email' argument. When a user attempts to change their email, the system checks if the email is already registered and returns an error message revealing this information. This allows attackers to remotely and without authentication enumerate registered email addresses by submitting different emails and observing the error messages. The vulnerability arises from disclosing sensitive information through error messages, which can be exploited despite the attack being somewhat difficult. A patch is available to fix this issue by removing the explicit email existence check and error message. [1, 2, 3, 4]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to discover which email addresses are registered in your system. Attackers can perform brute-force attacks against the vulnerable endpoint to enumerate registered users' emails, compromising user privacy. This information leakage can facilitate further attacks such as phishing, social engineering, or targeted attacks against known users. Since the vulnerability can be exploited remotely without authentication and lacks protections like rate limiting and CSRF, it increases the risk of large-scale enumeration and information exposure. [1, 3, 4]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring requests to the endpoint /api/settings/sendEmailCode for error messages that reveal whether an email address is registered. An attacker may send multiple requests with different email addresses and observe if the system returns explicit error messages indicating email registration status. To detect this on your system, you can use network traffic analysis tools like tcpdump or Wireshark to capture HTTP requests to this endpoint and look for such error responses. Additionally, you can use curl commands to test the endpoint manually, for example: curl -X POST -d '[email protected]' https://yourdomain/api/settings/sendEmailCode and observe if the response reveals whether the email is registered. Repeated requests with different emails can confirm the presence of the vulnerability if the system discloses registration status in error messages. [1, 3, 4]
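The monitoring described above, as an added defender-side example that is not part of this advisory or of pybbs itself: it parses constructed log lines (a hypothetical log format, not the application's own) for POST /api/settings/sendEmailCode, flags any source IP that submits several distinct email addresses within a short window, and lists the error texts the endpoint returned so you can confirm whether a registration-status oracle exists.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines in a hypothetical app-log format (not pybbs's own): time, client IP, request, email, error text.
SAMPLE_LOG = """\
2025-08-05T10:00:01Z 203.0.113.5 POST /api/settings/sendEmailCode email=a@example.org error="email already registered"
2025-08-05T10:00:02Z 203.0.113.5 POST /api/settings/sendEmailCode email=b@example.org error=""
2025-08-05T10:00:03Z 203.0.113.5 POST /api/settings/sendEmailCode email=c@example.org error="email already registered"
2025-08-05T10:00:04Z 203.0.113.5 POST /api/settings/sendEmailCode email=d@example.org error=""
2025-08-05T10:05:00Z 198.51.100.7 POST /api/settings/sendEmailCode email=me@example.net error=""
2025-08-05T10:06:30Z 198.51.100.7 POST /api/settings/sendEmailCode email=me@example.net error=""
2025-08-05T11:00:00Z 203.0.113.9 POST /api/settings/sendEmailCode email=x@example.org error=""
2025-08-05T11:10:00Z 203.0.113.9 POST /api/settings/sendEmailCode email=y@example.org error="email already registered"
2025-08-05T11:20:00Z 203.0.113.9 POST /api/settings/sendEmailCode email=z@example.org error=""
"""
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) POST /api/settings/sendEmailCode '
                     r'email=(?P<email>\S+) error="(?P<error>[^"]*)"$')

def parse_log(text):
    """Keep only requests to the vulnerable endpoint, with timestamps parsed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events

def find_enumeration(events, window=timedelta(minutes=5), min_distinct=3):
    """Map source IP -> most distinct emails it submitted within any `window`; a retry of one address stays below threshold."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):  # sliding time window over this IP's requests
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = len({e["email"] for e in evs[start:end + 1]})
            if distinct >= min_distinct:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def leaked_messages(events):
    """Distinct error texts returned; one that states registration status is the oracle."""
    return sorted({e["error"] for e in events if e["error"]})
```

With the constructed sample, only 203.0.113.5 (four different addresses in three seconds) is flagged; the slow sweep from 203.0.113.9 is only caught if the window is widened, which is the tuning trade-off a real deployment has to make.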


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to apply the patch identified by commit 234197c4f8fc7ce24bdcff5430cd42492f28936a, which removes the logic that reveals whether an email address is already registered. This patch prevents the system from disclosing email registration status by commenting out the check and assertion that caused the information leak. Additionally, implementing security controls such as rate limiting and Cross-Site Request Forgery (CSRF) protection on the /api/settings/sendEmailCode endpoint can help prevent brute-force enumeration attacks. Until the patch is applied, monitoring and restricting access to this endpoint is recommended to reduce exploitation risk. [2, 3, 4]

