Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-2686
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-24 Mar, 2025 | 05:31
Updated At-24 Mar, 2025 | 15:24
Rejected At-
▼CVE Numbering Authority (CNA)
mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Backend admin doFilter access control

A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
mingyuefusu 明月复苏
Product
tushuguanlixitong 图书管理系统
Modules
  • Backend
Versions
Affected
  • d4836f6b49cd0ac79a4021b15ce99ff7229d4694
Problem Types
TypeCWE IDDescription
CWECWE-284Improper Access Controls
CWECWE-266Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2.06.4N/A
AV:N/AC:L/Au:N/C:N/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
enenen (VulDB User)
Timeline
EventDate
Advisory disclosed2025-03-23 00:00:00
VulDB entry created2025-03-23 01:00:00
VulDB entry last update2025-03-23 10:22:32
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.300703
vdb-entry
technical-description
https://vuldb.com/?ctiid.300703
signature
permissions-required
https://vuldb.com/?submit.521449
third-party-advisory
https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTS25
exploit
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found