CVE-2025-62606 · HIGH 8.8 · EPSS p18.3%

Description

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 2.5.12.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.27% probability of exploitation · percentile 18.3% · 2026-06-18T12:00:27Z
Published: 2025-10-22
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-89

References

  1. https://github.com/My-Little-Forum/mylittleforum/releases/tag/20251021.1
  2. https://github.com/My-Little-Forum/mylittleforum/security/advisories/GHSA-m8hj-c6gr-6h6v


Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-25923
  2. CVE-2025-6847
  3. CVE-2025-26136
  4. CVE-2026-28562
  5. CVE-2025-6850
  6. CVE-2025-10668

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.