216.73.216.170

CVE-2025-55155

· Published 04/11/2025 21:15 · Modified 10/11/2025 18:02

Labels: CVE-2025-55155 2025-11-04CVE-2025-55155CWE-201[email protected]

Essential information

Published
04/11/2025 21:15
Modified
10/11/2025 18:02
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mantisbt / mantisbt cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*

References