CVE-2025-71280

MEDIUM NVD

CVSS Score 6.2

Severity MEDIUM

Published Apr 01, 2026

Vendor unknown

Description

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.

References

https://www.vulncheck.com/advisories/xenforo-local-account-page-caching-information-disclosure
https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/