CVE-2025-55129
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-02
Assigner: HackerOne
Description
Description
HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne users, such as itz_hari_ and khoof.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| revive_adserver | revive_adserver | 3.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-176 | The product does not properly handle when an input contains Unicode encoding. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Revive Adserver involves username handling that remains susceptible to impersonation attacks even after a previous fix (CVE-2025-52672). Attackers can exploit alternate techniques, including homoglyph-based impersonation, to impersonate other users.
How can this vulnerability impact me? :
The vulnerability can allow attackers to impersonate legitimate users by exploiting weaknesses in username handling. This can lead to unauthorized actions or access within the Revive Adserver system, potentially compromising integrity and trust.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70