What is the CVSS score of CVE-2025-30357?

CVE-2025-30357 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Nameless are affected by CVE-2025-30357?

Organizations using NamelessMC face moderate risk from CVE-2025-30357 rated CVSS 7.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-30357?

Yes, a public proof-of-concept exploit is available for CVE-2025-30357. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-30357?

Within 7 days: Identify all affected systems running version 2.1.4 and and apply vendor patches promptly. Vendor patch is available.

Nameless CVE-2025-30357

HIGH

Use of Incorrectly-Resolved Name or Reference (CWE-706)

2025-04-18 security-advisories@github.com

Information Disclosure Nameless

7.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.3 HIGH

AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:37 vuln.today

Patch released

Mar 28, 2026 - 18:37 nvd

Patch available

PoC Detected

May 13, 2025 - 15:40 vuln.today

Public exploit code

CVE Published

Apr 18, 2025 - 16:15 nvd

HIGH 7.3

DescriptionGitHub Advisory

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.

AnalysisAI

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-706. NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0. Affected products include: Namelessmc Nameless. Version information: version 2.1.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-30357 vulnerability details – vuln.today

Back

Nameless CVE-2025-30357

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code