CVE-2025-30357

7.3 HIGH

📋 TL;DR

In NamelessMC 2.1.4 and earlier, deleting a user account (typically a spammer's) removes all of that user's posts and, with them, entire discussion topics that other users created. Every installation on a vulnerable version where administrators delete accounts is affected, and the lost content cannot be recovered except from a backup.

💻 Affected Systems

Products:
  • NamelessMC
Versions: 2.1.4 and prior
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations where administrator privileges are used to delete user accounts.

📦 What is this software?

NamelessMC is an open-source, PHP-based website and forum CMS for Minecraft server communities; the forum module is where the affected topics and posts live.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious user can register throwaway accounts and spam existing discussions on purpose, counting on an administrator to delete the account: the deletion then takes other users' legitimate topics with it, potentially wiping large parts of the community's discussion history.

🟠 Likely Case

Administrators dealing with spam accounts delete them, unintentionally removing legitimate topics and comments from other users, disrupting community discussions.

🟢 If Mitigated

With proper monitoring and manual content review before account deletion, impact is limited to minor content loss that can be restored from backups.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation is indirect: the attacker registers spam accounts, posts spam, and waits for an administrator to delete them; the damaging action is the administrator's own. Nothing beyond basic account creation is required, and no exploit code is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.0

Vendor Advisory: https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h

Restart Required: No

Instructions:

1. Back up the current installation files and the database.
2. Download NamelessMC v2.2.0 from the GitHub releases page.
3. Replace all files with the new version.
4. Run the database migrations if the upgrader prompts for them.

🔧 Temporary Workarounds

Manual Content Review Before Deletion

Platforms: all

Review all posts by a user before deleting their account, and manually preserve important topics created by other users.

Temporary Account Suspension

Platforms: all

Suspend spam accounts instead of deleting them to prevent topic deletion while awaiting patch.

🧯 If You Can't Patch

  • Implement regular database backups to restore deleted content
  • Limit account deletion privileges to senior administrators only

🔍 How to Verify

Check if Vulnerable:

Any version up to and including 2.1.4 is vulnerable. The installed version is shown in the admin panel and is also defined as the NAMELESS_VERSION constant in the PHP source.

Check Version:

Read it from the admin panel, or search the source tree from the install root: grep -rn "NAMELESS_VERSION" core/

Verify Fix Applied:

Confirm the version is 2.2.0 or later. Then, on a staging copy, create two test users, have the first open a topic and the second post in it, delete the second user with administrator privileges, and confirm the first user's topic is still there.
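The version check above as a script, added here as an example that is not NamelessMC's own code: it searches core/ for the NAMELESS_VERSION constant (both the define(...) and const forms; the exact file is an assumption, not taken from the page) and compares the result with 2.2.0. Pre-release builds of 2.2.0 are treated as unpatched, a conservative assumption the advisory does not state.

```python
"""Version check for CVE-2025-30357 in a NamelessMC install.

Added example, not NamelessMC's own code. It assumes the version lives in
a PHP constant named NAMELESS_VERSION somewhere under the install's core/
directory, written either as define('NAMELESS_VERSION', '2.1.4') or
const NAMELESS_VERSION = '2.1.4'; the exact file is not assumed.
"""
import os
import re
from typing import Optional, Tuple

FIXED_VERSION = (2, 2, 0)  # first release with the fix, per the advisory

# Matches define('NAMELESS_VERSION', '2.1.4') and const NAMELESS_VERSION = '2.1.4';
_CONST_RE = re.compile(r"NAMELESS_VERSION['\"]?\s*[,=]\s*['\"]([^'\"]+)['\"]")
# major.minor.patch with an optional pre-release suffix such as -pr13
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9.]+))?$")


def extract_version(php_source: str) -> Optional[str]:
    """Return the NAMELESS_VERSION string found in PHP source text, or None."""
    m = _CONST_RE.search(php_source)
    return m.group(1) if m else None


def parse_version(version: str) -> Tuple[Tuple[int, int, int], bool]:
    """Split '2.1.4' or '2.0.0-pr13' into ((2, 1, 4), is_prerelease)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NamelessMC version string: {version!r}")
    numbers = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return numbers, m.group(4) is not None


def is_vulnerable(version: str) -> bool:
    """True for 2.1.4 and earlier. Pre-release builds of 2.2.0 are also treated
    as unpatched (conservative assumption, not something the advisory states)."""
    numbers, prerelease = parse_version(version)
    if numbers < FIXED_VERSION:
        return True
    return numbers == FIXED_VERSION and prerelease


def find_installed_version(install_root: str) -> Optional[str]:
    """Walk <install_root>/core for the first PHP file defining NAMELESS_VERSION."""
    core_dir = os.path.join(install_root, "core")
    for dirpath, _dirs, files in sorted(os.walk(core_dir)):
        for name in sorted(files):
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = extract_version(fh.read())
            if version:
                return version
    return None


def check_install(install_root: str) -> str:
    """Human-readable verdict for an install directory."""
    version = find_installed_version(install_root)
    if version is None:
        return "NAMELESS_VERSION not found; check the admin panel instead"
    state = "VULNERABLE" if is_vulnerable(version) else "patched"
    return f"NamelessMC {version}: {state} (fix in 2.2.0)"


if __name__ == "__main__":
    import sys
    print(check_install(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the install root as the only argument; a missing constant is reported rather than guessed, because the version string in the admin panel is the authoritative source.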

📡 Detection & Monitoring

Log Indicators:

  • Multiple user account deletions by administrators
  • Sudden decrease in forum topic counts
  • User complaints about missing topics

Network Indicators:

  • Increased account creation activity followed by account deletion events

SIEM Query:

event.action:"user_delete" AND event.outcome:"success" AND user.name:"admin"

Widen user.name:"admin" to every account that holds account-deletion rights and alert on bursts rather than single hits. The query only sees the deletion itself, so pair it with a periodic forum topic count to catch the collateral loss.
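The indicators above turned into detection code, as an added example that is neither the page's nor NamelessMC's: it assumes an ECS-style JSON audit feed with user_create, user_delete and topic_delete events (NamelessMC does not emit such events itself, so the field names and the sample lines are constructed for the example) and flags two things the SIEM query alone cannot see: accounts registered and deleted within a short period, and topics authored by someone other than the deleted user that vanish at the moment of a user deletion.

```python
"""Detection logic for the collateral topic deletion behind CVE-2025-30357.

Added example, not part of the advisory or of NamelessMC. It assumes an
ECS-style JSON audit feed with user_create, user_delete and topic_delete
events; NamelessMC does not emit such events itself, so a real deployment
would derive them from the database audit trail or periodic snapshots.
The sample lines below are constructed for the example.
"""
import json
from datetime import datetime, timedelta
from typing import Any, Dict, List

# Constructed sample feed: a spam account registers, an admin deletes it a day
# later, and in the same second three topics disappear, two of them authored
# by other members. A routine deletion of an old account follows.
SAMPLE_EVENTS = """
{"@timestamp":"2025-03-20T10:00:00Z","event":{"action":"user_create"},"user":{"name":"spambot42"}}
{"@timestamp":"2025-03-21T09:58:00Z","event":{"action":"user_delete","outcome":"success"},"user":{"name":"admin"},"target":{"user":{"name":"spambot42"}}}
{"@timestamp":"2025-03-21T09:58:00Z","event":{"action":"topic_delete"},"user":{"name":"admin"},"topic":{"id":101,"author":"spambot42"}}
{"@timestamp":"2025-03-21T09:58:00Z","event":{"action":"topic_delete"},"user":{"name":"admin"},"topic":{"id":77,"author":"alice"}}
{"@timestamp":"2025-03-21T09:58:01Z","event":{"action":"topic_delete"},"user":{"name":"admin"},"topic":{"id":78,"author":"bob"}}
{"@timestamp":"2025-03-22T12:00:00Z","event":{"action":"user_delete","outcome":"success"},"user":{"name":"admin"},"target":{"user":{"name":"olduser"}}}
"""


def _get(event: Dict[str, Any], *path: str, default: Any = None) -> Any:
    """Safe nested lookup: _get(e, "event", "action")."""
    cur: Any = event
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def parse_events(jsonl: str) -> List[Dict[str, Any]]:
    """Parse JSON lines, attach a datetime under "_ts", sort by time (stable)."""
    events = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["_ts"] = datetime.strptime(event["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["_ts"])


def collateral_topic_deletions(events: List[Dict[str, Any]],
                               window: timedelta = timedelta(seconds=5)) -> List[Dict[str, Any]]:
    """For each successful user_delete, list topics deleted by the same actor
    within `window` whose author is someone other than the deleted user."""
    findings = []
    for e in events:
        if _get(e, "event", "action") != "user_delete" or _get(e, "event", "outcome") != "success":
            continue
        actor = _get(e, "user", "name")
        victim = _get(e, "target", "user", "name")
        collateral = [
            _get(t, "topic", "id")
            for t in events
            if _get(t, "event", "action") == "topic_delete"
            and _get(t, "user", "name") == actor
            and abs(t["_ts"] - e["_ts"]) <= window
            and _get(t, "topic", "author") not in (victim, None)
        ]
        if collateral:
            findings.append({"deleted_user": victim, "actor": actor, "topics": collateral})
    return findings


def churned_accounts(events: List[Dict[str, Any]],
                     max_age: timedelta = timedelta(days=7)) -> List[str]:
    """Accounts created and then deleted within `max_age`: the spam-then-delete
    pattern. On self-registration the created account is the event's user.name."""
    created: Dict[str, datetime] = {}
    churned = []
    for e in events:
        action = _get(e, "event", "action")
        if action == "user_create":
            created[_get(e, "user", "name")] = e["_ts"]
        elif action == "user_delete":
            name = _get(e, "target", "user", "name")
            if name in created and e["_ts"] - created[name] <= max_age:
                churned.append(name)
    return churned


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for finding in collateral_topic_deletions(evs):
        print("collateral topic loss:", finding)
    print("churned accounts:", churned_accounts(evs))
```

On the sample feed the first rule reports topics 77 and 78 (authored by alice and bob) lost alongside spambot42's deletion while ignoring the spammer's own topic 101, and the second rule reports spambot42 as a registered-then-deleted account; olduser triggers neither.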

🔗 References

  • Vendor advisory: https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h
