Recent security analysis by researchers at KEVIntel has uncovered ongoing exploitation of a critical vulnerability affecting vBulletin, a widely used forum software with a history dating back to 2000. Known for powering countless online communities, vBulletin's long-standing presence in the web forum space makes it a prime target for attackers, especially when security flaws remain unpatched.
On May 23, 2025, security researchers from InSecurity disclosed a serious unauthenticated Remote Code Execution (RCE) flaw affecting vBulletin versions 5.0.0 through 6.0.3, and released a proof-of-concept (PoC) alongside the disclosure. Because no authentication is required, an attacker can execute arbitrary code on a vulnerable server directly from the internet.
Although the flaw was believed to have been patched more than a year ago, following the InSecurity findings, recent activity suggests otherwise. KEVIntel's monitoring revealed active exploitation in the wild, with an overseas host attempting to exploit the flaw using the known attack vector.
Tracked as CVE-2025-48827 (unauthenticated invocation of protected API controller methods when vBulletin runs on PHP 8.1 or later) and CVE-2025-48828 (arbitrary PHP code execution through template conditionals), the attack targets the "ajax/api/ad/replaceAdTemplate" endpoint. The second flaw is what makes the payload work: vBulletin's template engine checks the function names used in a condition, but writing the call in PHP's string-call syntax, "passthru"(...), slips past that check and still executes the command supplied in the cmd POST parameter. Analysis of the logs showed multiple attempts made using POST requests with payloads like:
<vb:if condition='"passthru"($_POST["cmd"])'></vb:if>
These attempts were made with a common user-agent string mimicking Chrome on Windows, so the user agent alone is not a useful indicator; the request path and body are.
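The following is an added example, not part of the KEVIntel analysis or vBulletin's code, showing how a defender would triage web-server or WAF records for the activity described above. It flags POST requests to the replaceAdTemplate endpoint and looks in the decoded body for vBulletin template conditionals, the quoted string-call form seen in the wild ("passthru"(...)), and references to PHP superglobals. It also demonstrates why a rule that only matches a bare `passthru(` token misses the observed payload. The sample requests are constructed for the example; the parameter names styleid, location and template are assumptions about the form the API call takes.

```python
import re
from urllib.parse import unquote_plus

# Endpoint named in the log analysis (vBulletin ajax API controller method).
TARGET_PATH = re.compile(r"/ajax/api/ad/replaceAdTemplate(?:[/?]|$)", re.I)

# Function names that should never appear in a template condition.
DANGEROUS = r"(?:passthru|system|exec|shell_exec|popen|proc_open|eval|assert)"

# A rule that only looks for a bare identifier followed by "(" misses the observed
# payload, because the exploit writes the call as "passthru"(...) (PHP string-call syntax).
NAIVE_BARE_CALL = re.compile(r"\b" + DANGEROUS + r"\s*\(", re.I)
# Quoted form as seen in the wild: "passthru"(...) or 'passthru'(...).
QUOTED_CALL = re.compile(r"""["']""" + DANGEROUS + r"""["']\s*\(""", re.I)
TEMPLATE_COND = re.compile(r"<vb:if\s+condition\s*=", re.I)
SUPERGLOBAL = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE|SERVER)\s*\[", re.I)

# Payload quoted in the analysis above.
OBSERVED_PAYLOAD = """<vb:if condition='"passthru"($_POST["cmd"])'></vb:if>"""

# Constructed sample records (not real KEVIntel data). A record is a dict with the
# fields a WAF or body-logging proxy would provide; the user agent is deliberately the
# same ordinary Chrome-on-Windows string everywhere, since it does not discriminate.
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
SAMPLE_REQUESTS = [
    {"id": 1, "method": "GET", "path": "/forum/index.php", "body": "", "ua": CHROME_UA},
    # Exploit attempt: form-encoded template parameter carrying the observed payload.
    {"id": 2, "method": "POST", "path": "/ajax/api/ad/replaceAdTemplate",
     "body": "styleid=1&location=header&template=%3Cvb%3Aif+condition%3D%27%22passthru%22"
             "%28%24_POST%5B%22cmd%22%5D%29%27%3E%3C%2Fvb%3Aif%3E&cmd=id",
     "ua": CHROME_UA},
    # Same endpoint, harmless template: worth a look, but not an exploit signature.
    {"id": 3, "method": "POST", "path": "/ajax/api/ad/replaceAdTemplate",
     "body": "styleid=1&location=header&template=%3Cdiv%3Ead%3C%2Fdiv%3E", "ua": CHROME_UA},
    {"id": 4, "method": "POST", "path": "/ajax/api/search/getResults", "body": "q=hello",
     "ua": CHROME_UA},
]


def decode_body(body: str) -> str:
    """URL-decode twice so a double-encoded payload is inspected in its final form."""
    return unquote_plus(unquote_plus(body))


def classify(request: dict) -> list[str]:
    """Return the indicators found in one request record (empty if it is unrelated)."""
    findings: list[str] = []
    if request.get("method", "").upper() != "POST":
        return findings
    if not TARGET_PATH.search(request.get("path", "")):
        return findings
    findings.append("post_to_replaceAdTemplate")
    body = decode_body(request.get("body", ""))
    if TEMPLATE_COND.search(body):
        findings.append("template_conditional")
    if QUOTED_CALL.search(body):
        findings.append("quoted_function_call")
    if NAIVE_BARE_CALL.search(body):
        findings.append("bare_function_call")
    if SUPERGLOBAL.search(body):
        findings.append("superglobal_in_template")
    return findings


def triage(requests: list[dict]) -> dict[int, str]:
    """Map request id to a verdict: 'exploit' when a conditional is combined with a
    dangerous call or a superglobal, 'review' for any other hit on the endpoint."""
    verdicts: dict[int, str] = {}
    for req in requests:
        found = classify(req)
        if not found:
            continue
        payload_markers = {"quoted_function_call", "bare_function_call", "superglobal_in_template"}
        if "template_conditional" in found and payload_markers & set(found):
            verdicts[req["id"]] = "exploit"
        else:
            verdicts[req["id"]] = "review"
    return verdicts


def naive_rule_misses_observed_payload() -> bool:
    """True when the bare-identifier rule fails on the in-the-wild payload while the
    quoted-call rule catches it."""
    return (NAIVE_BARE_CALL.search(OBSERVED_PAYLOAD) is None
            and QUOTED_CALL.search(OBSERVED_PAYLOAD) is not None)


if __name__ == "__main__":
    for req_id, verdict in triage(SAMPLE_REQUESTS).items():
        print(f"request {req_id}: {verdict}")
    print("naive bare-call rule misses observed payload:", naive_rule_misses_observed_payload())
```

Plain access logs rarely contain POST bodies, so the body checks only help where a WAF, reverse proxy or honeypot records them; without that, any unauthenticated POST to the endpoint ("review") is still the signal to act on.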
Impacted Versions
Affected versions include vBulletin 5.0.0 up to 6.0.3.
The latest release, version 6.1.1, is not affected. Versions 5.7.5 and 6.0.1 – 6.0.3 have received the necessary patches.
If you're running an older vBulletin version, especially anything below 6.1.1 that has not received the patch, it is critical to update immediately. The window for attackers to exploit unpatched systems remains open, and the risks include remote code execution, data breaches, and full site compromise.
This incident underscores the importance of timely software updates and proactive monitoring. If you manage vBulletin forums or similar platforms, ensure your systems are up to date, review your web server logs for POST requests to ajax/api/ad/replaceAdTemplate, and perform regular security reviews.