{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-55127", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2025-08-07T15:00:05.576Z", "datePublished": "2025-11-20T19:07:15.245Z", "dateUpdated": "2025-11-20T21:19:26.325Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion."}], "affected": [{"vendor": "Revive", "product": "Revive Adserver", "versions": [{"version": "6", "status": "affected", "lessThanOrEqual": "6.0.2", "versionType": "semver"}, {"version": "6.0.3", "status": "unaffected", "lessThanOrEqual": "6.0.3", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/3413764"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-11-20T19:07:15.245Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-156", "lang": "en", "description": "CWE-156 Improper Neutralization of Whitespace"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-20T21:19:19.157290Z", "id": "CVE-2025-55127", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-20T21:19:26.325Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-55127", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-20T21:19:19.157290Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-156", "description": "CWE-156 Improper Neutralization of Whitespace"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-20T21:19:02.968Z"}}], "cna": {"affected": [{"vendor": "Revive", "product": "Revive Adserver", "versions": [{"status": "affected", "version": "6", "versionType": "semver", "lessThanOrEqual": "6.0.2"}, {"status": "unaffected", "version": "6.0.3", "versionType": "semver", "lessThanOrEqual": "6.0.3"}]}], "references": [{"url": "https://hackerone.com/reports/3413764"}], "descriptions": [{"lang": "en", "value": "HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2025-11-20T19:07:15.245Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55127", "state": "PUBLISHED", "dateUpdated": "2025-11-20T21:19:26.325Z", "dateReserved": "2025-08-07T15:00:05.576Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2025-11-20T19:07:15.245Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CF3AE99-F6AB-419A-BB38-D1CDE5B195D2", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion."}, {"lang": "es", "value": "El miembro de la comunidad de HackerOne Dao Hoang Anh (yoyomiski) ha informado una neutralizaci\u00f3n impropia de espacios en blanco en el nombre de usuario al a\u00f1adir nuevos usuarios. Un nombre de usuario con espacios en blanco iniciales o finales podr\u00eda ser virtualmente indistinguible de su contraparte leg\u00edtima cuando el nombre de usuario se muestra en la UI, potencialmente llevando a confusi\u00f3n."}], "id": "CVE-2025-55127", "lastModified": "2026-01-14T21:18:27.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-20T19:16:19.027", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://hackerone.com/reports/3413764"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-156"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-11-24T09:09:38.303422+00:00", "updated": "2025-11-24T09:09:38.303448+00:00", "vendors": ["revive", "revive$PRODUCT$adserver"]}