Cyber Resilience

CVE-2025-47776

High

Published: 04 November 2025

Published
04 November 2025
Modified
10 November 2025
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0007 22.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47776 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Mantisbt Mantisbt. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-47776 is a critical authentication bypass vulnerability in Mantis Bug Tracker (MantisBT), an open-source issue tracking system, affecting versions 2.27.1 and earlier. The flaw arises from the incorrect use of loose equality comparison (==) instead of strict equality (===) in the authentication code when using the MD5 login method. This triggers PHP type juggling, where certain MD5 password hashes represented in scientific notation are interpreted as numbers, specifically allowing hashes that evaluate to zero to match incorrectly. The vulnerability is rated 9.1 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-305.

An unauthenticated attacker with network access can exploit this vulnerability if they know the victim's username and have access to an account whose password hash evaluates to zero. By entering any password whose MD5 hash also evaluates to zero during login, the attacker can impersonate the victim without knowing their actual password, gaining unauthorized access to the account. This enables high-impact confidentiality and integrity violations, such as data exfiltration or modification.

The vulnerability is fixed in MantisBT version 2.27.2. The GitHub security advisory (GHSA-4v8w-gg5j-ph37) and the fixing commit (966554a19cf1bdbcfbfb3004766979faa748f9a2) detail the patch, which replaces the loose comparison with a strict one to prevent type juggling. Security practitioners should immediately upgrade affected instances to version 2.27.2 or later.

EU & UK References

Vulnerability details

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific…

more

notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a critical authentication bypass in a network-accessible web application (MantisBT), directly enabling exploitation of a public-facing application for unauthorized account access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30849Same product: Mantisbt Mantisbt
CVE-2025-68435Shared CWE-305
CVE-2025-36386Shared CWE-305
CVE-2025-13915Shared CWE-305
CVE-2026-2652Shared CWE-305
CVE-2026-4670Shared CWE-305
CVE-2026-22153Shared CWE-305
CVE-2026-33892Shared CWE-305
CVE-2025-41733Shared CWE-305
CVE-2025-4320Shared CWE-305

Affected Assets

mantisbt
mantisbt
≤ 2.27.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely patching of known flaws like the authentication bypass in MantisBT versions 2.27.1 and earlier, fixed in 2.27.2.

prevent

Requires authenticator management with sufficient strength of mechanism to avoid vulnerable MD5 hashing and loose comparisons exploitable via PHP type juggling.

preventdetect

Vulnerability scanning identifies and drives remediation of specific flaws such as CVE-2025-47776 in deployed issue trackers.

References