
Hackers are exploiting critical flaw in vBulletin forum software
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. The flaws, tracked under CVE-2025-48827 and CVE-2025-48828, and rated critical (CVSS v3 score: 10.0 and 9.0 respectively), are an API method invocation and a remote code execution (RCE) via template engine abuse flaws. […]