CVE-2025-62524
MEDIUM · EPSS 14.7%
Published Oct 27, 2025 (8mo ago) · Modified Jun 17, 2026 (1w ago)
5.3 CVSS 3.1
Description
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By response header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure originates from the PHP base image that PILOS is built on. Additionally, the PHP version can also be inferred from the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS v4.8.0.
CVSS Details
Base Score: 5.3 (CVSS 3.1)
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
Threat Intelligence
EPSS Exploit Probability: 14.7% percentile
Exploit & Patch Status
- No Known Exploit
- Patch Available
Weaknesses (2)
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
- CWE-497
Affected Products (1)
| Vendor | Product | Version | Range |
|---|---|---|---|
| thm | pilos | * | <4.8.0 |
References (2)
- https://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8
- https://github.com/THM-Health/PILOS/security/advisories/GHSA-q93h-5j6h-j22x
Remediation
Patched in PILOS v4.8.0; the fixing commit:
- https://github.com/THM-Health/PILOS/commit/14655bc4f8128ffd2b3c25004b01d9a802808da8