MyBB Server-Side Request Forgery (SSRF) Vulnerability - CVE-2025-29457 - Vulnerability Database

MyBB Server-Side Request Forgery (SSRF) Vulnerability - CVE-2025-29457

High

Reference: CVE-2025-29457

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-29457

Title: MyBB Server-Side Request Forgery (SSRF) Vulnerability

Overview:

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.