CVE-2025-12297

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-12297

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12297.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-12297

Published

2025-10-27T17:15:37.300Z

Modified

2025-11-16T12:30:23.247437Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.

References

Affected packages

Git / github.com/tomoya92/pybbs

Affected ranges

Type: GIT
Repo: https://github.com/tomoya92/pybbs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2a3e67f463b0582611a1241ecb172bd28cefc516

Affected versions

jfinalbbs2.*

jfinalbbs2.0

jfinalbbs2.1

jfinalbbs2.2

pybbs-4.*

pybbs-4.0-beta

pybbs2.*

pybbs2.5

pybbs2.5-lastest

pybbs2.6

pybbs4.*

pybbs4.0-release

v5.*

v5.0

v5.1.0

v5.2.0

v5.2.1

v6.*

v6.0.0