[REVIVE-SA-2025-005] Revive Adserver Vulnerability
Revive Adserver <= 6.0.3 has a medium-risk vulnerability (CVE-2025-55129) that allows an attacker to impersonate users through maliciously crafted usernames; it is fixed in version 6.0.4. 2025-12-2 05:28:27 Author: seclists.org

Full Disclosure mailing list archives


From: Matteo Beccati <php () beccati com>
Date: Wed, 26 Nov 2025 15:23:39 +0100

========================================================================
Revive Adserver Security Advisory                     REVIVE-SA-2025-005
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-005
------------------------------------------------------------------------
Date:                  2025-11-26
Risk Level:            Medium
Applications affected: Revive Adserver
Versions affected:     <= 6.0.3
Versions not affected: >= 6.0.4
Website:               https://www.revive-adserver.com/
========================================================================

 
========================================================================
Vulnerability: Incomplete List of Disallowed Inputs
========================================================================
Vulnerability Type:    Incomplete List of Disallowed Inputs [CWE-184]
CVE-ID:                CVE-2025-55129
Risk Level:            Medium
CVSS Base Score:       5.4
CVSS Vector:           CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
========================================================================

Description
-----------
HackerOne community member Kassem S. (kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyph-based impersonation has been independently reported by other HackerOne community members, such as itz_hari_ and khoof.

Details
-------
Username validation historically allowed full UTF-8 usernames. That was supposed to be a feature, but it could be used maliciously to generate usernames visually identical to existing ones, using various techniques, such as homoglyph characters, zero-width spaces, RTL override, and potentially others. An attacker with user creation permissions could craft such a username and trick an administrator into granting other permissions to it rather than to the legitimate user.

Following the report, now only usernames with a limited character set (variant of POSIX.1-2017) are allowed.

References
----------
https://hackerone.com/reports/3434156
https://github.com/revive-adserver/revive-adserver/commit/1a4843e
https://cwe.mitre.org/data/definitions/184.html  


========================================================================
Solution
========================================================================

We recommend updating to the most recent 6.0.4 version of Revive Adserver, or whatever happens to be the current release at the time of reading this security advisory.


========================================================================
Contact Information
========================================================================

The security contact for Revive Adserver can be reached at:
<security AT revive-adserver DOT com>.

Please review https://www.revive-adserver.com/security/ before doing so. We only accept security reports through HackerOne.

--
Matteo Beccati
On behalf of the Revive Adserver Team
https://www.revive-adserver.com/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
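
The Details section above names three lookalike techniques and the allowlist that replaced the old validation. As an added example (not code from the advisory or from Revive Adserver), the Python script below audits a list of usernames against an assumed POSIX.1-2017 portable character set and names every character that fails it. The exact set Revive enforces, the function names and the sample usernames are assumptions.

```python
import re
import unicodedata

# Assumed allowlist: the POSIX.1-2017 portable character set for user names
# (A-Z a-z 0-9 . _ -), hyphen not allowed first. The advisory only says
# "variant of POSIX.1-2017", so Revive's exact rule may differ.
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9._-]")  # explicit ranges; \w would admit Unicode letters
PORTABLE_NAME = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._-]*")


def is_portable(username):
    # fullmatch rather than match() + "$": "$" would accept a trailing newline
    return PORTABLE_NAME.fullmatch(username) is not None


def offenders(username):
    """List (index, code point, Unicode name, category) for each disallowed character."""
    found = []
    for i, ch in enumerate(username):
        if ALLOWED_CHAR.fullmatch(ch) and not (i == 0 and ch == "-"):
            continue
        found.append((i, f"U+{ord(ch):04X}",
                      unicodedata.name(ch, "UNNAMED"), unicodedata.category(ch)))
    return found


def audit(usernames):
    """Map every username that fails the allowlist to its offending characters."""
    return {u: offenders(u) for u in usernames if not is_portable(u)}


# Constructed sample data, not taken from the advisory or from any real install.
SAMPLE = [
    "admin",            # legitimate
    "j.doe_01",         # legitimate
    "\u0430dmin",       # Cyrillic homoglyph of "a"
    "admin\u200b",      # trailing zero-width space
    "\u202enimda",      # right-to-left override
    "-admin",           # leading hyphen
]

if __name__ == "__main__":
    for name, chars in audit(SAMPLE).items():
        print(repr(name))
        for idx, cp, uname, cat in chars:
            print(f"    index {idx}: {cp} {uname} [{cat}]")
```

Printing names with `repr()` keeps invisible and direction-changing characters visible as escapes, so the report itself cannot be misread the way the rendered username can.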

Source: https://seclists.org/fulldisclosure/2025/Dec/1