kaifangqian-base CVE-2025-11406
LOWSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
AnalysisAI
Information disclosure in kaifangqian-base's SysUserController.getAllUsers endpoint allows authenticated remote attackers to retrieve sensitive user data. The vulnerability affects the function up to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab and requires login credentials (PR:L in CVSS 4.0), limiting exposure to authenticated users. Public exploit code exists, but the low CVSS score (2.1) and minimal EPSS percentile (8%) suggest limited real-world exploitation despite public availability.
Technical ContextAI
The vulnerability resides in the SysUserController.java class within the kaifangqian-system module of the kaifangqian-parent Maven project structure. The getAllUsers method lacks proper access controls or data filtering, permitting authenticated users to enumerate all system users and retrieve sensitive information fields. This is a classic CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) weakness where an API endpoint fails to enforce authorization or sanitize response payloads. The attack operates over HTTP/HTTPS (AV:N), requires valid credentials for access (PR:L), and exploits the application's insufficient input validation or access control logic in a Java-based web application.
Affected ProductsAI
kaifangqian-base up to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. The product does not use semantic versioning; affected versions are identified by Git commit hash rather than release tags. All instances of kaifangqian-base at or before the specified commit are vulnerable.
RemediationAI
Apply the latest commit after 7b3faecda13848b3ced6c17c7423b76c5b47b8ab from the kaifangqian-base repository. The fix should implement proper access control and authorization checks in the getAllUsers method of SysUserController.java, ensuring that authenticated users can only retrieve user data they are entitled to access, and that sensitive fields (passwords, tokens, internal identifiers) are excluded from API responses. Implement role-based access control (RBAC) validation before returning user lists, and audit the getAllUsers endpoint and similar user-facing APIs for similar authorization bypass vulnerabilities. As a compensating control pending patch deployment, restrict access to the /getAllUsers endpoint at the reverse proxy or API gateway layer using network-level authentication, or temporarily disable the endpoint if not actively in use. Monitor authentication logs for suspicious login attempts followed by user enumeration queries.
Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m
Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti
Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today