Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2025-55155

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.

Published: Nov 4, 2025
Updated: Nov 14, 2025
CVE: CVE-2025-55155
GHSA: GHSA-q747-c74m-69pr
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

Affected Software
References

Software	From	Fixed in
mantisbt / mantisbt	-	2.27.2
mantisbt / mantisbt	-	2.27.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo