CVE-2025-62520: 
PHP 脆弱性の分析と軽減

Mantis Bug Tracker (MantisBT) version 2.27.1 and below contains a vulnerability identified as CVE-2025-62520, discovered on October 15, 2025, and disclosed on November 1, 2025. The vulnerability affects the column configuration functionality in MantisBT, an open source issue tracker. Due to insufficient access-level checks, any non-admin user with access to manageconfigcolumns_page.php can use the Copy From action to retrieve the columns configuration from private projects they have no access to (GitHub Advisory).

The vulnerability stems from missing access control checks in the managecolumnscopy.php script when copying column configurations from one project to another. The issue specifically affects users with MANAGER role who can exploit the vulnerability by manipulating the otherprojectid parameter when making requests to the managecolumnscopy.php endpoint. The vulnerability has been assigned a CVSS v4.0 score of 5.3 (Medium) with the following vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N (GitHub Advisory, NVD).

The vulnerability allows unauthorized access to private project configurations. While attackers cannot modify the private project's configuration (the reverse operation 'Copy To' is correctly controlled), they can view sensitive column configuration information from projects they should not have access to (GitHub Advisory).

The vulnerability has been fixed in MantisBT version 2.27.2. The patch adds an explicit access check using accessensureprojectlevel( MANAGER, $tsrcprojectid ) to verify that users have the necessary permissions for the source project before allowing the copy operation. No workarounds are available for users who cannot immediately upgrade (GitHub Advisory, GitHub Commit).