CVE-2025-47776
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-04

Last updated on: 2025-11-10

Assigner: GitHub, Inc.

Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-04
Last Modified
2025-11-10
Generated
2026-06-16
AI Q&A
2025-11-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-47776
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mantisbt mantisbt to 2.27.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Mantis Bug Tracker (MantisBT) versions 2.27.1 and below is caused by the incorrect use of loose (==) instead of strict (===) comparison in the authentication code. Due to PHP type juggling, certain MD5 hashes that resemble scientific notation are interpreted as numbers. An attacker who knows a victim's username and has access to an account with a password hash that evaluates to zero can log in as the victim without knowing their actual password by using any other password whose hash also evaluates to zero. This issue is fixed in version 2.27.2.

Impact Analysis

This vulnerability allows an attacker to bypass authentication and log in as another user without knowing their actual password, provided the attacker knows the victim's username and has access to an account with a password hash that evaluates to zero. This can lead to unauthorized access to sensitive information and potentially compromise the integrity and confidentiality of the system.

Mitigation Strategies

Upgrade Mantis Bug Tracker to version 2.27.2 or later, where this vulnerability is fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47776. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart