CVE-2025-47776
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-10
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mantisbt | mantisbt | to 2.27.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Mantis Bug Tracker (MantisBT) versions 2.27.1 and below is caused by the incorrect use of loose (==) instead of strict (===) comparison in the authentication code. Due to PHP type juggling, certain MD5 hashes that resemble scientific notation are interpreted as numbers. An attacker who knows a victim's username and has access to an account with a password hash that evaluates to zero can log in as the victim without knowing their actual password by using any other password whose hash also evaluates to zero. This issue is fixed in version 2.27.2.
How can this vulnerability impact me? :
This vulnerability allows an attacker to bypass authentication and log in as another user without knowing their actual password, provided the attacker knows the victim's username and has access to an account with a password hash that evaluates to zero. This can lead to unauthorized access to sensitive information and potentially compromise the integrity and confidentiality of the system.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Mantis Bug Tracker to version 2.27.2 or later, where this vulnerability is fixed.