CVE-2025-62520
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-04

Last updated on: 2025-11-10

Assigner: GitHub, Inc.

Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-04
Last Modified
2025-11-10
Generated
2026-05-06
AI Q&A
2025-11-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-62520
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mantisbt mantisbt to 2.27.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Mantis Bug Tracker (MantisBT) versions 2.27.1 and below allows any non-admin user who can access manage_config_columns_page.php to use the Copy From action to retrieve the columns configuration of a private project they do not have access to. This happens due to insufficient access-level checks.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized disclosure of private project configuration information to non-admin users who should not have access, potentially exposing sensitive project details.


What immediate steps should I take to mitigate this vulnerability?

Upgrade Mantis Bug Tracker to version 2.27.2 or later, as this version contains the fix for the insufficient access-level checks vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart