Skip to main content

kaifangqian-base CVE-2025-11406

LOW
Information Exposure (CWE-200)
2025-10-07 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 02:02 vuln.today

DescriptionCVE.org

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

AnalysisAI

Information disclosure in kaifangqian-base's SysUserController.getAllUsers endpoint allows authenticated remote attackers to retrieve sensitive user data. The vulnerability affects the function up to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab and requires login credentials (PR:L in CVSS 4.0), limiting exposure to authenticated users. Public exploit code exists, but the low CVSS score (2.1) and minimal EPSS percentile (8%) suggest limited real-world exploitation despite public availability.

Technical ContextAI

The vulnerability resides in the SysUserController.java class within the kaifangqian-system module of the kaifangqian-parent Maven project structure. The getAllUsers method lacks proper access controls or data filtering, permitting authenticated users to enumerate all system users and retrieve sensitive information fields. This is a classic CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) weakness where an API endpoint fails to enforce authorization or sanitize response payloads. The attack operates over HTTP/HTTPS (AV:N), requires valid credentials for access (PR:L), and exploits the application's insufficient input validation or access control logic in a Java-based web application.

Affected ProductsAI

kaifangqian-base up to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. The product does not use semantic versioning; affected versions are identified by Git commit hash rather than release tags. All instances of kaifangqian-base at or before the specified commit are vulnerable.

RemediationAI

Apply the latest commit after 7b3faecda13848b3ced6c17c7423b76c5b47b8ab from the kaifangqian-base repository. The fix should implement proper access control and authorization checks in the getAllUsers method of SysUserController.java, ensuring that authenticated users can only retrieve user data they are entitled to access, and that sensitive fields (passwords, tokens, internal identifiers) are excluded from API responses. Implement role-based access control (RBAC) validation before returning user lists, and audit the getAllUsers endpoint and similar user-facing APIs for similar authorization bypass vulnerabilities. As a compensating control pending patch deployment, restrict access to the /getAllUsers endpoint at the reverse proxy or API gateway layer using network-level authentication, or temporarily disable the endpoint if not actively in use. Monitor authentication logs for suspicious login attempts followed by user enumeration queries.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2025-11406 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy