CVE-2025-15154: Use of Less Trusted Source in PbootCMS
Description
A security vulnerability has been detected in PbootCMS up to 3.2.12. It affects the function get_user_ip in the file core/function/handle.php, part of the Header Handler component. Manipulating the X-Forwarded-For argument leads to use of a less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
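A defensive pattern for this class of issue, as an added example that is not PbootCMS code or its fix: X-Forwarded-For is honoured only when the connection arrives from an allowlisted reverse proxy. The function name resolve_client_ip, the TRUSTED_PROXIES list and the sample requests are constructed assumptions.

```php
<?php
// Added example, not PbootCMS code. Names and addresses below are assumptions.

// Constructed allowlist of reverse proxies permitted to set X-Forwarded-For.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Resolve the client address from $_SERVER-style input.
 * X-Forwarded-For is used only when the TCP peer (REMOTE_ADDR) is a trusted proxy.
 */
function resolve_client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // no usable peer address
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: the header is client-supplied, ignore it
    }
    // Walk the chain right to left. The rightmost entries were appended by our
    // own proxies; the first non-proxy hop is the client as our edge saw it.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // every hop was one of our proxies
}

// Constructed requests: [REMOTE_ADDR, X-Forwarded-For]
$samples = [
    ['203.0.113.9', '127.0.0.1'],               // direct client, header ignored
    ['10.0.0.5',    '198.51.100.7'],            // via trusted proxy
    ['10.0.0.5',    '127.0.0.1, 198.51.100.7'], // leftmost entry is client-supplied
    ['10.0.0.5',    'not-an-ip'],               // malformed header value
];
foreach ($samples as [$peer, $xff]) {
    $ip = resolve_client_ip(['REMOTE_ADDR' => $peer, 'HTTP_X_FORWARDED_FOR' => $xff]);
    printf("%-12s XFF=%-26s => %s\n", $peer, $xff, $ip);
}
```

The allowlist compares addresses as exact strings, so IPv6 proxies must be listed in the same textual form the web server reports.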
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-27T16:47:11.822Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69519ec3fd294cd93b21ed6a
Added to database: 12/28/2025, 9:18:59 PM
Last updated: 12/28/2025, 10:35:08 PM