{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-12297","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-10-26T16:51:50.650Z","datePublished":"2025-10-27T16:32:14.311Z","dateUpdated":"2025-10-27T17:26:20.100Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-10-27T16:32:14.311Z"},"title":"atjiu pybbs UserApiController.java information disclosure","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"atjiu","product":"pybbs","versions":[{"version":"6.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in atjiu pybbs up to 6.0.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei UserApiController.java. Die Bearbeitung verursacht information disclosure. Es ist möglich, den Angriff aus der Ferne durchzuführen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-10-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-10-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-10-26T17:56:54.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"huangweigang (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.329965","name":"VDB-329965 | atjiu pybbs UserApiController.java information disclosure","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.329965","name":"VDB-329965 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.675906","name":"Submit #675906 | pybbs <=6.0.0 Improper Control of Resource Identifiers","tags":["third-party-advisory"]},{"url":"https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-27T17:25:46.140407Z","id":"CVE-2025-12297","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-27T17:26:20.100Z"}}]}}