CVE-2025-52670

Published: Nov 20, 2025Modified: Dec 2, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts

Affected (2)

Products: Revive Adserver: Revive Adserver

Revive Adserver

1 product

Revive Adserver

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Revive Adserver Revive Adserver	Up to 5.5.2
Revive Adserver Revive Adserver	From 6.0.0 to 6.0.1

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

https://hackerone.com/reports/3401612

Source: support@hackerone.com

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.