CVE-2025-52666

low

Description

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.

References

https://hackerone.com/reports/3399218

Details

Source: Mitre, NVD

Published: 2025-11-20

Updated: 2025-11-21

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 2.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Severity: Low

EPSS

EPSS: 0.00039

Detections

Analytics