Описание
HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne users, such as itz_hari_ and khoof.
Ссылки
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0.0 (включая) до 6.0.4 (исключая)
cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-176
Связанные уязвимости
CVSS3: 5.4
github
2 месяца назад
HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne users, such as itz_hari_ and khoof.
EPSS
Процентиль: 5%
0.00021
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-176