CVE-2025-71282

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Apr 01, 2026

Vendor unknown

Description

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.

References

https://www.vulncheck.com/advisories/xenforo-path-disclosure-via-open-basedir-exceptions
https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/