CVE-2025-71282 — XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory struct — CVE Database · The Intelligence Room