CVE-2025-31120

{"id": "CVE-2025-31120", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-04-18T16:15:22.890", "references": [{"url": "https://github.com/NamelessMC/Nameless/commit/9b112c0beab346a38b6f5a51e7773b38c6fc52e7", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-8jv7-77jw-h646", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-8jv7-77jw-h646", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-565"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-565"}]}], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0."}, {"lang": "es", "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. En la versi\u00f3n 2.1.4 y anteriores, un mecanismo inseguro de conteo de visitas en la p\u00e1gina del foro permit\u00eda a un atacante no autenticado aumentar artificialmente el conteo. La aplicaci\u00f3n utiliza una cookie del cliente (nl-topic-[tid]) (o una variable de sesi\u00f3n para invitados) para determinar si se debe contabilizar una visita. Cuando un cliente no proporciona la cookie, cada solicitud de p\u00e1gina incrementa el contador, lo que genera m\u00e9tricas de visitas incorrectas. Este problema se ha corregido en la versi\u00f3n 2.2.0."}], "lastModified": "2025-05-13T15:24:49.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A429B30-0D89-49F2-BAE4-61911F252441", "versionEndExcluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}