How severe is CVE-2025-15154?

CVE-2025-15154 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-15154

Name: pbootcms
Author: pbootcms

5.3MEDIUM

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipula

公開日: 12/28/2025更新日: 12/30/2025

説明

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

AI分析AIによる分析

影響を受ける製品

pbootcmspbootcms

参照

https://note-hxlab.wetolink.com/share/JyBNgF8JagWQ
ExploitThird Party Advisory
https://vuldb.com/?ctiid.338532
Permissions RequiredVDB Entry
https://vuldb.com/?id.338532
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.719818
Third Party AdvisoryVDB Entry