CVE-2025-30357

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f	Patch
https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0	Release Notes
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*

History

13 May 2025, 15:40

Type	Values Removed	Values Added
Summary		(es) NamelessMC es un software web gratuito, fácil de usar y potente para servidores de Minecraft. En la versión 2.1.4 y anteriores, si un usuario malicioso deja comentarios spam en muchos temas, un administrador, al no poder eliminar manualmente cada comentario spam, puede eliminar la cuenta maliciosa. Una vez que un administrador elimina la cuenta del usuario malicioso, todas sus publicaciones (comentarios), junto con los temas asociados (de usuarios no relacionados), se marcarán como eliminados. Este problema se ha corregido en la versión 2.2.0.
First Time		Namelessmc nameless Namelessmc
CPE		cpe:2.3:a:namelessmc:nameless::::::::
References	~~() https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f -~~	() https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f - Patch
References	~~() https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0 -~~	() https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0 - Release Notes
References	~~() https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h -~~	() https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h - Exploit, Vendor Advisory

18 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-18 16:15

Updated : 2025-05-13 15:40

NVD link : CVE-2025-30357

Mitre link : CVE-2025-30357

CVE.ORG link : CVE-2025-30357

JSON object : View

Products Affected

namelessmc

nameless

CWE

CWE-706

Use of Incorrectly-Resolved Name or Reference

7.3 /10