CVE-2025-32389

Name: CVE-2025-32389
Creator: NVD / NIST
Published: 2025-04-18T16:15:23.033+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10EPSS 0.41%

Last modified Jun 17, 2026

CVE-2025-32389 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0

8.6/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.41%

32.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

Affected Software

Vendor	Product	Versions
Namelessmc	Nameless	< 2.1.4

References

https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566fPatch
https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4Release Notes
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2xExploit, Vendor Advisory

Timeline

Published: Apr 18, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-32389?

How severe is CVE-2025-32389?

CVE-2025-32389 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2025-32389?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-32389?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST