CVE-2025-71281

EUVD-2025-209156
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
xenforoxenforo
𝑥
< 2.3.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vulncheck.com/advisories/xenforo-template-method-call-restriction-bypass
https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/