CVE-2025-15154

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Vulnerability Details

Published Date

December 28, 2025

Last Modified

December 30, 2025

CWE ID

CWE-348

Source

NVD

Vendor

pbootcms

Product

pbootcms

External References

https://note-hxlab.wetolink.com/share/JyBNgF8JagWQ
https://vuldb.com/?ctiid.338532
https://vuldb.com/?id.338532
https://vuldb.com/?submit.719818

CVE-2025-15154

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment