CVE-2025-30357

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f	Patch
https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0	Release Notes
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-18 16:15

Updated : 2025-05-13 15:40

NVD link : CVE-2025-30357

Mitre link : CVE-2025-30357

CVE.ORG link : CVE-2025-30357

JSON object : View

Products Affected

namelessmc

nameless

CWE

CWE-706

Use of Incorrectly-Resolved Name or Reference

{"id": "CVE-2025-30357", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2025-04-18T16:15:22.593", "references": [{"url": "https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-706"}]}], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0."}, {"lang": "es", "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. En la versi\u00f3n 2.1.4 y anteriores, si un usuario malicioso deja comentarios spam en muchos temas, un administrador, al no poder eliminar manualmente cada comentario spam, puede eliminar la cuenta maliciosa. Una vez que un administrador elimina la cuenta del usuario malicioso, todas sus publicaciones (comentarios), junto con los temas asociados (de usuarios no relacionados), se marcar\u00e1n como eliminados. Este problema se ha corregido en la versi\u00f3n 2.2.0."}], "lastModified": "2025-05-13T15:40:18.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A429B30-0D89-49F2-BAE4-61911F252441", "versionEndExcluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}