{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71282", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-01T00:19:58.852Z", "datePublished": "2026-04-01T00:30:11.612Z", "dateUpdated": "2026-04-01T12:21:37.653Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-01T01:43:22.227Z"}, "datePublic": "2025-07-15T00:00:00.000Z", "title": "XenForo Path Disclosure via open_basedir Exceptions", "descriptions": [{"lang": "en", "value": "XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Generation of Error Message Containing Sensitive Information", "cweId": "CWE-209", "type": "CWE"}]}], "affected": [{"vendor": "XenForo", "product": "XenForo", "versions": [{"version": "2.3.0", "lessThan": "2.3.7", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xenforo:xenforo:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.7"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/", "name": "XenForo 2.3.7 Released (Includes Security Fixes)", "tags": ["vendor-advisory", "patch"]}, {"name": "VulnCheck Advisory: XenForo Path Disclosure via open_basedir Exceptions", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/xenforo-path-disclosure-via-open-basedir-exceptions"}], "credits": [{"lang": "en", "value": "TickTackk", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T12:21:18.319744Z", "id": "CVE-2025-71282", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:21:37.653Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-71282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T12:21:18.319744Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T12:21:32.753Z"}}], "cna": {"title": "XenForo Path Disclosure via open_basedir Exceptions", "credits": [{"lang": "en", "type": "finder", "value": "TickTackk"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "XenForo", "product": "XenForo", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.7", "versionType": "semver"}]}], "datePublic": "2025-07-15T00:00:00.000Z", "references": [{"url": "https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/", "name": "XenForo 2.3.7 Released (Includes Security Fixes)", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.vulncheck.com/advisories/xenforo-path-disclosure-via-open-basedir-exceptions", "name": "VulnCheck Advisory: XenForo Path Disclosure via open_basedir Exceptions", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "Generation of Error Message Containing Sensitive Information"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xenforo:xenforo:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.3.7", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-01T01:43:22.227Z"}}}, "cveMetadata": {"cveId": "CVE-2025-71282", "state": "PUBLISHED", "dateUpdated": "2026-04-01T12:21:37.653Z", "dateReserved": "2026-04-01T00:19:58.852Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-01T00:30:11.612Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xenforo:xenforo:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ADDC458-D5EB-4B70-9EE7-93C78E81EDBD", "versionEndExcluding": "2.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure."}, {"lang": "es", "value": "XenForo anterior a la versi\u00f3n 2.3.7 revela rutas del sistema de archivos a trav\u00e9s de mensajes de excepci\u00f3n provocados por restricciones de open_basedir. Esto permite a un atacante obtener informaci\u00f3n sobre la estructura de directorios del servidor."}], "id": "CVE-2025-71282", "lastModified": "2026-04-01T18:53:29.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-01T01:16:40.797", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/xenforo-path-disclosure-via-open-basedir-exceptions"}, {"source": "disclosure@vulncheck.com", "tags": ["Release Notes"], "url": "https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.3.0,2.3.7)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "XenForo", "source": "cna", "vendor": "XenForo"}, "product": "xenforo", "vendor": "xenforo"}], "analysis": {"en": {"generated_at": "2026-04-01T05:55:40.983106+00:00", "value": {"mitigation_remediation": ["Apply the XenForo update to version 2.3.7 or later to remove the vulnerable exception handling.", "If an immediate patch is not feasible, configure PHP to suppress or hide open_basedir exception messages so they are not sent to users.", "Restrict the open_basedir setting in the PHP configuration to only the directories required by XenForo.", "After remediation, verify that no path disclosure messages appear and monitor logs for attempts to access files outside the allowed directories."], "summary": {"action": "Immediate Patch", "impact": "Information disclosure of server directory paths"}, "threat_synthesis": {"affected_systems": "The affected product is XenForo forum software before version 2.3.7. All earlier releases are impacted.", "description_and_impact": "XenForo versions before 2.3.7 emit exception messages when open_basedir restrictions are triggered. These messages contain absolute filesystem paths, thereby revealing the layout of the server\u2019s directories. An attacker can use this information to map the underlying file system and identify potential targets for further attacks. The weakness falls under the category of information disclosure.", "risk_and_exploitability": "The vulnerability has a high severity rating, with a score of 8.7. No exploitation probability score is available, and the issue is not in the Known Exploited Vulnerabilities catalog. The likely attack path is through the web interface; any request that triggers an open_basedir exception will cause the server to return the detailed path information. Thus, unauthenticated or authenticated web traffic can expose directory paths, representing a significant risk to the confidentiality of the server\u2019s file system."}}}}, "created": "2026-04-02T07:51:04.083549+00:00", "updated": "2026-04-02T20:09:43.502658+00:00", "vendors": ["xenforo", "xenforo$PRODUCT$xenforo"]}