CVE-2025-55155: 
PHP 脆弱性の分析と軽減

Mantis Bug Tracker (MantisBT) versions 2.27.1 and below contain an email verification vulnerability identified as CVE-2025-55155. The vulnerability allows users to change their email address without proper verification of ownership. This security flaw was discovered on May 24, 2025, and was fixed in version 2.27.2 (GitHub Advisory, NVD).

The vulnerability stems from a lack of validation when users modify their email addresses through the profile editing functionality. When a user changes their email address, the system saves it directly without verifying ownership of the new address. The issue has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The vulnerability is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) and CWE-354 (Improper Validation of Integrity Check Value) (GitHub Advisory, NVD).

The vulnerability can result in two primary impacts: First, users might store invalid email addresses, preventing them from receiving important system notifications. Second, and more critically, system notifications could be sent to unauthorized email addresses, potentially leading to information disclosure (GitHub Advisory).

The vulnerability has been fixed in MantisBT version 2.27.2. The patch implements a token-based email verification flow where instead of updating the email directly, the system now sends a verification link to the new email address. The update is only completed when the user clicks this link. No workarounds are available for users who cannot upgrade immediately (GitHub Advisory, GitHub Commit).