CVE-2025-52666

Summary

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.

Affected Software

VendorProductVersion RangeStatus
ReviveRevive Adserver6.0.1 <= 6.0.1affected
ReviveRevive Adserver5.5.2 <= 5.5.2affected
ReviveRevive Adserver6.0.2 <= 6.0.2unaffected
ReviveRevive Adserver5.5.3 <= 5.5.3unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References