CVE-2025-29459

7.6 HIGH

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Mail function of MyBB 1.8.38. An authenticated forum administrator who can use the Mail function could make the MyBB server issue requests to hosts on its internal network. The vendor disputes the severity, citing the administrator permissions required and existing SSRF mitigations.

💻 Affected Systems

Products:
  • MyBB
Versions: 1.8.38
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator access to the Mail function. The vendor disputes the vulnerability severity due to administrator permissions and existing SSRF mitigations.

📦 What is this software?

MyBB is a free, open-source forum platform written in PHP with a MySQL, PostgreSQL or SQLite backend. It is administered through its Admin Control Panel (Admin CP), which is where the Mail function affected here lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to sensitive internal systems, exfiltrates data from internal services, or performs internal network reconnaissance.

🟠

Likely Case

Limited information disclosure from internal services accessible to the MyBB server, potentially exposing configuration details or metadata.

🟢

If Mitigated

Minimal impact if proper network segmentation and SSRF protections are implemented as recommended in MyBB documentation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrator-level access to the Mail function. The vulnerability is disputed by the vendor.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Follow workarounds and implement SSRF protections as described in MyBB documentation.

🔧 Temporary Workarounds

Implement SSRF Protections

all

Restrict what the MyBB web server is allowed to fetch: block outbound connections from the web server to loopback, RFC1918, link-local (including the 169.254.169.254 metadata endpoint) and other internal ranges with egress firewall rules, allowlisting only the backends the forum needs (database, SMTP relay), and apply any SSRF hardening the vendor documentation describes. An egress rule is what actually stops the server-side request; application-level URL checks alone can be bypassed via DNS answers that change between check and connect.

Restrict Administrator Access

all

Limit access to the Mail function to only trusted administrators and implement strong authentication controls.
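The following is an added illustration of the application-level half of the SSRF mitigation above. It is not MyBB's own code (MyBB is PHP; the same checks translate directly), and the function and network names are assumptions made for the example: every address a URL's host resolves to is checked against internal ranges, IPv4-mapped IPv6 forms are unwrapped, names that resolve to a mix of public and private addresses are rejected, and the caller is told which address to connect to so the name is not resolved a second time.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Networks a server-side fetch must never be allowed to reach. 169.254.0.0/16
# covers the cloud metadata endpoint 169.254.169.254; 100.64.0.0/10 is CGNAT
# space that is effectively internal on many hosting networks.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def resolve_all(host):
    """Every address the host name maps to (both families). IP literals are
    returned as-is so the check works without DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_blocked_ip(ip_text):
    ip = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules still apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url, resolver=resolve_all):
    """Decide whether the server may fetch `url` (hypothetical helper).

    Returns (allowed, reason, pinned_ip). When allowed, the caller must
    connect to pinned_ip (sending the original Host header) instead of
    resolving the name again, and must re-run this check on every redirect;
    otherwise DNS rebinding or a redirect to an internal host bypasses it.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme, None
    host = parts.hostname
    if not host:
        return False, "no host in URL", None
    if parts.username or parts.password:
        return False, "userinfo in URL not allowed", None
    addrs = resolver(host)
    if not addrs:
        return False, "%s does not resolve" % host, None
    # Reject if ANY answer is internal: a name that resolves to both a public
    # and a private address is the classic rebinding setup.
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, "%s resolves to blocked address %s" % (host, addr), None
    return True, "ok", addrs[0]
```

Pass a custom `resolver` when testing so the checks run without DNS; in production the default resolver is used, and the HTTP client must be configured to connect to the returned `pinned_ip`, not to the host name.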

🧯 If You Can't Patch

  • Implement network segmentation to isolate the MyBB server from sensitive internal resources.
  • Deploy web application firewall rules on the Admin CP Mail function to flag submitted URLs containing IP literals, loopback or internal hostnames. Treat this as a detection layer only: the WAF sees the administrator's inbound request, not the server's outbound one, so egress filtering is still required to block the SSRF itself.

🔍 How to Verify

Check if Vulnerable:

Check whether the installation is MyBB 1.8.38 (the only version listed as affected) and review which accounts hold administrator access to the Mail function.

Check Version:

The MyBB version is shown on the Admin CP home page (dashboard). On disk it is the $version value in inc/class_core.php; note that inc/config.php holds database and path settings, not the version.

Verify Fix Applied:

From a test administrator account on a system you are authorized to test, submit Mail-function targets that point at loopback, RFC1918 and link-local addresses (for example 127.0.0.1, 10.0.0.1 and 169.254.169.254) and confirm no connection is made. Check egress firewall or proxy logs for the attempt rather than relying only on the application's response, since an error message does not prove the request was never sent.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the MyBB server to internal IP addresses
  • Multiple failed attempts to access restricted resources via the Mail function

Network Indicators:

  • HTTP requests from MyBB server to internal services that shouldn't be accessed externally
  • Unusual traffic patterns from the forum server to internal network segments

SIEM Query:

source="mybb_logs" AND (url CONTAINS "mail.php" OR action="mail_function") AND (dest_ip IN (RFC1918_IP_RANGES) OR dest_port NOT IN (80,443))

Exclude the forum's own expected backends (database, SMTP relay, cache) from the destination match, or they will dominate the results; the field names above are illustrative and must be mapped to your log schema.
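The detection logic above, applied to constructed sample log lines as an added example that is not part of the original page. The egress-log and access-log formats, the host addresses, the allowlist of expected backends and the admin-module name in the sample access-log line are all assumptions for the example: outbound connections from the forum host to internal addresses or unusual ports are flagged unless they are on the allowlist, and each finding is then correlated with the most recent Admin CP request that preceded it within a short window.

```python
import ipaddress
import re
from datetime import datetime, timedelta

INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "fc00::/7", "fe80::/10", "::1/128")]

# Assumed log formats (constructed for this example, not real MyBB output).
EGRESS_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
ACCESS_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d+)')

FORUM_HOST = "10.20.0.15"                       # the MyBB web server (assumed)
ALLOWED_BACKENDS = {("10.20.0.4", 3306), ("10.20.0.8", 587)}  # DB and SMTP relay (assumed)

# Constructed sample data: one mass-mail POST in the Admin CP followed by
# outbound connections to Redis and the cloud metadata endpoint.
ACCESS_LOG = [
    '2025-03-20T10:00:01Z 198.51.100.7 "GET /admin/index.php?module=home HTTP/1.1" 200',
    '2025-03-20T10:00:09Z 198.51.100.7 "POST /admin/index.php?module=user-mass_mail HTTP/1.1" 200',
    '2025-03-20T10:00:11Z 192.0.2.44 "GET /showthread.php?tid=1 HTTP/1.1" 200',
]
EGRESS_LOG = [
    "2025-03-20T10:00:02Z src=10.20.0.15 dst=10.20.0.4 dport=3306 proto=tcp",
    "2025-03-20T10:00:05Z src=10.20.0.15 dst=203.0.113.50 dport=443 proto=tcp",
    "2025-03-20T10:00:10Z src=10.20.0.15 dst=10.20.0.3 dport=6379 proto=tcp",
    "2025-03-20T10:00:11Z src=10.20.0.15 dst=169.254.169.254 dport=80 proto=tcp",
    "2025-03-20T10:00:12Z src=10.20.0.15 dst=10.20.0.8 dport=587 proto=tcp",
    "2025-03-20T10:05:00Z src=10.20.0.15 dst=198.51.100.99 dport=22 proto=tcp",
]


def parse_ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL)


def suspicious_egress(lines, forum_host, allowed, ok_ports=(80, 443)):
    """Connections from the forum host to internal addresses or to ports other
    than 80/443, excluding the allowlisted backends it legitimately uses."""
    out = []
    for line in lines:
        m = EGRESS_RE.match(line)
        if not m or m["src"] != forum_host:
            continue
        dst, port = m["dst"], int(m["dport"])
        if (dst, port) in allowed:
            continue
        if is_internal(dst) or port not in ok_ports:
            out.append({"ts": parse_ts(m["ts"]), "dst": dst, "dport": port, "line": line})
    return out


def correlate_with_admin_cp(access_lines, findings, window=timedelta(seconds=60),
                            path_prefix="/admin/"):
    """Attach the latest Admin CP request that preceded each finding within
    `window`; None means no admin activity explains the connection."""
    admin_reqs = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if m and m["path"].startswith(path_prefix):
            admin_reqs.append((parse_ts(m["ts"]), m["client"], m["method"], m["path"]))
    results = []
    for f in findings:
        prior = [r for r in admin_reqs if timedelta(0) <= f["ts"] - r[0] <= window]
        trigger = max(prior, key=lambda r: r[0]) if prior else None
        results.append({**f, "admin_request": trigger})
    return results


def run_demo():
    findings = suspicious_egress(EGRESS_LOG, FORUM_HOST, ALLOWED_BACKENDS)
    return correlate_with_admin_cp(ACCESS_LOG, findings)


if __name__ == "__main__":
    for r in run_demo():
        print(r["ts"].isoformat(), r["dst"], r["dport"], "<-", r["admin_request"])
```

On the sample data the database and SMTP connections are ignored, the Redis and metadata-endpoint connections are attributed to the mass-mail POST made seconds earlier, and the later port-22 connection is reported with no preceding Admin CP request, which is the case that deserves a separate look.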
