Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.

INFO

Published Date :

2025-11-04T21:31:13.261Z

Last Modified :

2025-11-04T21:48:13.191Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62520 vulnerability.

Vendors Products
Mantisbt
  • Mantisbt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62520.

URL Resource
https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3 cve-icon cve-icon
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2 cve-icon cve-icon
https://mantisbt.org/bugs/view.php?id=36502 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability