CVE-2025-71278 in XenForoinformation

Résumé (Anglaise)

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level.

Responsable

VulnCheck

Réserver

01/04/2026

Divulgation

01/04/2026

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
354532XenForo élévation de privilèges863Non définiCorrectif officielCVE-2025-71278

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!