Use of Less Trusted Source

CVE-2025-15154

Medium

5.5/10

Summary

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-348 - Use of Less Trusted Source

The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

References

Advisory Timeline

Published Dec 28, 2025

Use of Less Trusted Source

CVE-2025-15154

Summary

CWE-348 - Use of Less Trusted Source

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS