Ctrl + K
/ news / CVE
CVEPublished 2025-08-05Modified 2025-09-030 articles on news6 live referencesNVD data

CVE-2025-8549Pybbs_project · Pybbs

Vulnerability data via NVD (ingested)

CVSS v3.1
3.7
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS percentile
27
Exploit Prediction Scoring System · top 73% of all CVEs
Weaknesses (CWE)
CWE-521Weak Password Requirements
Description

A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.

Timeline
Published 2025-08-05
Modified 2025-09-03

External references

NVDMITREExploit-DBSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2025-8549
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Pybbs Project Pybbs"
All exposed Pybbs Project Pybbs instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Pybbs"
HTTP body or banner mentions "Pybbs" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2025-8549
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-8549
Censys host search filtered to this CVE id.
grep.app
CVE-2025-8549
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-8549
GitHub code search for direct mentions.
Google dork
"CVE-2025-8549" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (7)

CVE-2025-85497 repos
houjingyi233/macOS-iOS-system-securityunknown
Here is some resources about macOS/iOS system security.
★ 549·updated 1y ago
zast-ai/vulnerability-reportsPython
★ 36·updated 1mo ago
hiifong/starListPython
Export your star's repository list
★ 18·updated today
hugefiver/mystarsunknown
★ 16·updated today
sunlei/awesome-starsPython
My GitHub stars.
★ 8·updated 2w ago
liuzhen9320/zstarunknown
They said organizing stars was extremely troublesome, so I lent a hand.
★ 5·updated today
timoguin/starsunknown
My starred repositories
★ 4·updated today
We haven't classified any articles referencing CVE-2025-8549 yet. The external references above still apply.