8.7
XenForo discloses server directory structure with error messages
CVE-2025-71282
Summary
XenForo versions prior to 2.3.7 may reveal sensitive information about the server's directory structure. An attacker could use this information to support further exploitation. Update to XenForo 2.3.7 or later to prevent this issue.
Original title
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-209
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026