CVE-2025-52666

EUVD-2025-198351
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
hackeroneCNA
2.7 LOW
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
revive-adserverrevive_adserver
𝑥
≤ 5.5.2
revive-adserverrevive_adserver
6.0.0 ≤
𝑥
≤ 6.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://hackerone.com/reports/3399218
https://hackerone.com/reports/3399218