CVE-2025-48986

🗓️ 20 Nov 2025 19:11:36Reported by hackeroneType

Revive Adserver authorization bypass lets an authenticated attacker change other users' emails and seize accounts using password reset.

Reporter	Title	Published	Views	Family All 9
CNNVD	Revive Adserver 安全漏洞	20 Nov 202500:00	–	cnnvd
CNVD	Revive Adserver Authorization Bypass Vulnerability	24 Nov 202500:00	–	cnvd
Cvelist	CVE-2025-48986	20 Nov 202519:11	–	cvelist
EUVD	EUVD-2025-198352	20 Nov 202521:30	–	euvd
Hacker One	Revive Adserver: Authorization bypass allows changing email address of other users	24 Oct 202515:14	–	hackerone
NVD	CVE-2025-48986	20 Nov 202520:16	–	nvd
Positive Technologies	PT-2025-47614	20 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-48986	21 Nov 202519:37	–	redhatcve
Vulnrichment	CVE-2025-48986	20 Nov 202519:11	–	vulnrichment

NVD

Node

revive-adserver revive_adserverRange≤5.5.2

revive-adserver revive_adserverRange6.0.0–6.0.1

[
  {
    "vendor": "Revive",
    "product": "Revive Adserver",
    "versions": [
      {
        "version": "5",
        "status": "affected",
        "lessThanOrEqual": "5.5.2",
        "versionType": "semver"
      },
      {
        "version": "5.5.3",
        "status": "unaffected",
        "lessThanOrEqual": "5.5.3",
        "versionType": "semver"
      },
      {
        "version": "6.0.2",
        "status": "unaffected",
        "lessThanOrEqual": "6.0.2",
        "versionType": "semver"
      },
      {
        "version": "6",
        "status": "affected",
        "lessThanOrEqual": "6.0.1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/3398283

25 Nov 2025 18:57Current

6.6Medium risk

Vulners AI Score6.6

CVSS 38.8

EPSS0.0002

SSVC

CWE-284