CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30357: NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion

7.3 CVSS

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.

Classification

CVE ID: CVE-2025-30357

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

Problem Types

CWE-706: Use of Incorrectly-Resolved Name or Reference

Affected Products

Vendor: NamelessMC

Product: Nameless

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.52% (scored less or equal to compared to others)

EPSS Date: 2025-05-17 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30357
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h
https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f
https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0

Timeline

2025-04-18 16:40:19 UTC
CVE

NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion