VYPR
Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025

CVE-2025-48986

CVE-2025-48986

Description

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.