CVE-2025-48986
CVE-2025-48986
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Revive · Revive AdserverWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://hackerone.com/reports/3398283