Skip to main content

Nameless CVE-2025-31120

MEDIUM
Reliance on Cookies without Validation and Integrity Checking (CWE-565)
2025-04-18 security-advisories@github.com
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:37 vuln.today
Patch released
Mar 28, 2026 - 18:37 nvd
Patch available
PoC Detected
May 13, 2025 - 15:24 vuln.today
Public exploit code
CVE Published
Apr 18, 2025 - 16:15 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0.

AnalysisAI

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-565. NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0. Affected products include: Namelessmc Nameless. Version information: version 2.1.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-32389 HIGH POC
8.6 Apr 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 8.6), thi

CVE-2022-2820 HIGH POC
8.2 Aug 15

Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. Rated high severity (CVSS 8.2), this vulnerab

CVE-2025-29784 HIGH POC
7.5 Apr 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.5), thi

CVE-2022-2821 HIGH POC
7.5 Aug 15

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2. Rated high severity (C

CVE-2025-30357 HIGH POC
7.3 Apr 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.3), thi

CVE-2025-31118 HIGH POC
7.1 Apr 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.1), thi

CVE-2025-30158 HIGH POC
7.1 Apr 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.1), thi

CVE-2026-33398 HIGH
7.1 Jun 02

Broken access control in NamelessMC 2.2.4 (Minecraft community website software) allows any low-privileged authenticated

CVE-2026-34460 MEDIUM
5.4 Jun 02

OAuth login CSRF in NamelessMC 2.2.4 and prior enables session swapping by exploiting the absence of server-side state p

CVE-2025-54421 HIGH POC
7.2 Aug 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated high severity (CVSS 7.2), thi

CVE-2025-54118 MEDIUM POC
5.3 Aug 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated medium severity (CVSS 5.3), t

CVE-2025-54117 CRITICAL POC
9.0 Aug 18

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Rated critical severity (CVSS 9.0),

Share

CVE-2025-31120 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy