Search criteria
2 vulnerabilities found for IKUN_Library by code-projects
CVE-2025-3305 (GCVE-0-2025-3305)
Vulnerability from cvelistv5 – Published: 2025-04-05 22:31 – Updated: 2025-04-07 15:59
VLAI
Title
1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control
Summary
A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303502 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303502 | signaturepermissions-required |
| https://vuldb.com/?submit.550186 | third-party-advisory |
| https://github.com/buluorifu/Vulnerability-recurr… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 1902756969 | IKUN_Library |
Affected:
1.0
|
|
| code-projects | IKUN_Library |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3305",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:59:09.842878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:59:14.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/IKUN_Library-authority.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Borrow Handler"
],
"product": "IKUN_Library",
"vendor": "1902756969",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"modules": [
"Borrow Handler"
],
"product": "IKUN_Library",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "77cc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In 1902756969/code-projects IKUN_Library 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion addInterceptors der Datei MvcConfig.java der Komponente Borrow Handler. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T22:31:05.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303502 | 1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303502"
},
{
"name": "VDB-303502 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303502"
},
{
"name": "Submit #550186 | code-projects IKUN_Library v1.0 Access Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.550186"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/IKUN_Library-authority.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-05T08:27:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3305",
"datePublished": "2025-04-05T22:31:05.177Z",
"dateReserved": "2025-04-05T06:22:16.962Z",
"dateUpdated": "2025-04-07T15:59:14.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3305 (GCVE-0-2025-3305)
Vulnerability from nvd – Published: 2025-04-05 22:31 – Updated: 2025-04-07 15:59
VLAI
Title
1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control
Summary
A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303502 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303502 | signaturepermissions-required |
| https://vuldb.com/?submit.550186 | third-party-advisory |
| https://github.com/buluorifu/Vulnerability-recurr… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| 1902756969 | IKUN_Library |
Affected:
1.0
|
|
| code-projects | IKUN_Library |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3305",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:59:09.842878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:59:14.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/IKUN_Library-authority.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Borrow Handler"
],
"product": "IKUN_Library",
"vendor": "1902756969",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"modules": [
"Borrow Handler"
],
"product": "IKUN_Library",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "77cc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In 1902756969/code-projects IKUN_Library 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion addInterceptors der Datei MvcConfig.java der Komponente Borrow Handler. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-05T22:31:05.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303502 | 1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303502"
},
{
"name": "VDB-303502 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303502"
},
{
"name": "Submit #550186 | code-projects IKUN_Library v1.0 Access Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.550186"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/IKUN_Library-authority.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-05T08:27:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3305",
"datePublished": "2025-04-05T22:31:05.177Z",
"dateReserved": "2025-04-05T06:22:16.962Z",
"dateUpdated": "2025-04-07T15:59:14.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}