CVE-2025-48986

Summary

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.

Affected Software

VendorProductVersion RangeStatus
ReviveRevive Adserver5 <= 5.5.2affected
ReviveRevive Adserver5.5.3 <= 5.5.3unaffected
ReviveRevive Adserver6.0.2 <= 6.0.2unaffected
ReviveRevive Adserver6 <= 6.0.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References