CVE-2025-67163: Input Validation
Published Dec 18, 2025
·Updated
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.
Affected Software
2 affected components
Simple Machines Simple Machines Forum
SimpleMachines Simple Machines Forum=2.1.6
Event History
Dec 18, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·08:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-67163?
CVE-2025-67163 is categorized as a high-severity vulnerability due to its potential for stored cross-site scripting attacks.
2
How do I fix CVE-2025-67163?
To fix CVE-2025-67163, upgrade to the latest version of Simple Machines Forum that has addressed this vulnerability.
3
What type of attack does CVE-2025-67163 enable?
CVE-2025-67163 enables attackers to execute arbitrary web scripts or HTML via stored cross-site scripting.
4
Which versions of Simple Machines Forum are affected by CVE-2025-67163?
CVE-2025-67163 specifically affects Simple Machines Forum version 2.1.6.
5
How can I determine if my Simple Machines Forum installation is vulnerable to CVE-2025-67163?
Check if your Simple Machines Forum is running version 2.1.6 and look for unpatched updates in the official release notes.