CVE-2025-52670

🗓️ 20 Nov 2025 19:10:15Reported by hackeroneType

Missing authorization check in Revive Adserver versions five point five two and six point zero one enables deleting banners owned by others.

Reporter	Title	Published	Views	Family All 9
CNNVD	Revive Adserver 安全漏洞	20 Nov 202500:00	–	cnnvd
CNVD	Revive Adserver Missing Authorization Vulnerability	24 Nov 202500:00	–	cnvd
Cvelist	CVE-2025-52670	20 Nov 202519:10	–	cvelist
EUVD	EUVD-2025-198332	20 Nov 202521:30	–	euvd
Hacker One	Revive Adserver: IDOR Vulnerability in Banner Deletion	27 Oct 202517:29	–	hackerone
NVD	CVE-2025-52670	20 Nov 202520:16	–	nvd
Positive Technologies	PT-2025-47620	20 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-52670	21 Nov 202519:37	–	redhatcve
Vulnrichment	CVE-2025-52670	20 Nov 202519:10	–	vulnrichment

NVD

Node

revive-adserver revive_adserverRange≤5.5.2

revive-adserver revive_adserverRange6.0.0–6.0.1

[
  {
    "vendor": "Revive",
    "product": "Revive Adserver",
    "versions": [
      {
        "version": "6",
        "status": "affected",
        "lessThanOrEqual": "6.0.1",
        "versionType": "semver"
      },
      {
        "version": "5",
        "status": "affected",
        "lessThanOrEqual": "5.5.2",
        "versionType": "semver"
      },
      {
        "version": "6.0.2",
        "status": "unaffected",
        "lessThanOrEqual": "6.0.2",
        "versionType": "semver"
      },
      {
        "version": "5.5.3",
        "status": "unaffected",
        "lessThanOrEqual": "5.5.3",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/3401612

02 Dec 2025 20:17Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5

CVSS 37.1

EPSS0.00023

SSVC