CVE-2025-52669
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-12-02
Assigner: HackerOne
Description
Description
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| revive-adserver | revive_adserver | to 5.5.2 (inc) |
| revive-adserver | revive_adserver | From 6.0.0 (inc) to 6.0.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by insecure design policies in the user management system of Revive Adserver versions 5.5.2, 6.0.1, and earlier. It allows non-admin users to access the contact names and email addresses of other users on the system, which should normally be restricted.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of user contact information, potentially resulting in privacy violations, targeted phishing attacks, or other social engineering exploits against users whose information is exposed.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70