CVE-2025-52666
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-12-02
Assigner: HackerOne
Description
Description
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| revive-adserver | revive_adserver | to 5.5.2 (inc) |
| revive-adserver | revive_adserver | From 6.0.0 (inc) to 6.0.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-134 | The product uses a function that accepts a format string as an argument, but the format string originates from an external source. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper neutralisation of format characters in the settings of Revive Adserver versions 5.5.2, 6.0.1, and earlier. It leads to a fatal PHP error that disables the administrator user console.
How can this vulnerability impact me? :
The vulnerability can cause the administrator user console to be disabled due to a fatal PHP error, potentially limiting administrative access and management of the Revive Adserver.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70