
CVE-2025-62520: MantisBT unauthorized disclosure of private project column configuration

CVSS Score: N/A

Basic Information

EPSS Score: -
Published: 11/3/2025
Updated: 11/3/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mantisbt/mantisbt | composer | < 2.27.2 | 2.27.2 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The security advisory attributes the vulnerability to insufficient access-level checks when copying column configurations from a private project. The patch in commit 4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3 modifies manage_columns_copy.php, the script that handles the 'Copy From' action, and adds a check that the user holds at least MANAGER access on the source project ($t_src_project_id) before the configuration is copied. The vulnerable code is not inside a named function but in the script's main execution flow, so the script itself is the component that would appear in a runtime profile when the vulnerability is exercised.

Vulnerable functions

manage_columns_copy.php
The vulnerability lies in the `manage_columns_copy.php` script, which handles the 'Copy From' action for column configurations. Before the patch, the script did not check the caller's access level on the source project: a user with manager-level access to any project could send a request naming a private project they are not a member of as the copy source, and the script would return that project's column configuration. The patch adds an explicit `access_ensure_project_level( MANAGER, $t_src_project_id )` call so that the user must hold at least MANAGER access on the source project before the copy proceeds.
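As an added illustration (not MantisBT's own code and not the patch itself), the following PHP sketch models the access check the fix adds: a stand-in `access_ensure_project_level()` over a constructed per-project access table, the pre-patch 'Copy From' flow that validates only the destination project, and the fixed flow that additionally requires MANAGER access on the source project. The access-level constants, project ids and column lists are constructed sample data; the assumption that the pre-patch script already checked the destination project is inferred from the page's statement that the caller needs manager-level access to some project.

```php
<?php
// Added illustration for CVE-2025-62520 (not MantisBT's code): models the
// source-project access check that the fix adds to manage_columns_copy.php.
declare(strict_types=1);

// Stand-in access levels in ascending order. MantisBT defines its own numeric
// constants; only the ordering matters for the check below.
const VIEWER = 10;
const DEVELOPER = 55;
const MANAGER = 70;
const ADMINISTRATOR = 90;

// Constructed sample data: the current user's access level per project
// (null = not a member) and each project's column configuration.
$g_user_project_access = [
    1 => MANAGER,   // public project the user manages
    2 => null,      // private project the user is not a member of
];
$g_project_columns = [
    1 => ['id', 'summary', 'status'],
    2 => ['id', 'summary', 'status', 'custom_customer_name'], // private
];

class AccessDeniedException extends RuntimeException {}

// Stand-in for MantisBT's access_ensure_project_level(): abort unless the
// current user holds at least $p_level on $p_project_id.
function access_ensure_project_level( int $p_level, int $p_project_id ): void {
    global $g_user_project_access;
    $t_level = $g_user_project_access[$p_project_id] ?? null;
    if ( $t_level === null || $t_level < $p_level ) {
        throw new AccessDeniedException(
            "access denied: need level $p_level on project $p_project_id"
        );
    }
}

// 'Copy From' flow before the fix: only the destination project is checked,
// so any project id may be named as the source (assumed pre-patch shape).
function copy_columns_vulnerable( int $p_src_project_id, int $p_dst_project_id ): array {
    global $g_project_columns;
    access_ensure_project_level( MANAGER, $p_dst_project_id );
    $t_columns = $g_project_columns[$p_src_project_id];
    $g_project_columns[$p_dst_project_id] = $t_columns;
    return $t_columns; // the private project's configuration is now exposed
}

// Fixed flow: the source project is checked too (the check the patch adds).
function copy_columns_fixed( int $p_src_project_id, int $p_dst_project_id ): array {
    global $g_project_columns;
    access_ensure_project_level( MANAGER, $p_dst_project_id );
    access_ensure_project_level( MANAGER, $p_src_project_id ); // added by the fix
    $t_columns = $g_project_columns[$p_src_project_id];
    $g_project_columns[$p_dst_project_id] = $t_columns;
    return $t_columns;
}

// Walk-through: copying from private project 2 into project 1, which the
// user manages. The pre-patch flow returns project 2's columns; the fixed
// flow refuses before anything is read or written.
echo "vulnerable: ", implode( ',', copy_columns_vulnerable( 2, 1 ) ), "\n";
try {
    copy_columns_fixed( 2, 1 );
} catch ( AccessDeniedException $e ) {
    echo "fixed: ", $e->getMessage(), "\n";
}
```

The point the sketch makes is that authorization has to be applied to every object a request names, not only to the one the user is "in": the destination check alone is satisfied by any project manager, so the source project id becomes an unauthenticated read path until it is checked as well.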

WAF Protection Rules

WAF Rule

Impact

Due to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a pri
