CVE-2025-5522

EUVD-2025-16775 | HIGH 7.3 (CVSS 3.1)
Published 2025-06-03 by [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: Low

Lifecycle Timeline

- Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
- EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16775
- CVE Published: Jun 03, 2025 - 19:15 (nvd), HIGH 7.3

Description

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available.

Analysis

Critical improper authorization vulnerability in bskms 蓝天幼儿园管理系统 (Lantian Kindergarten Management System), affecting the /sa/addUser endpoint of the User Creation Handler component. The endpoint processes user creation requests without enforcing authorization, so an unauthenticated remote attacker can reach user creation functionality; the likely consequences are unauthorized account creation, privilege escalation, or data compromise. The exploit has been publicly disclosed with proof-of-concept code available. Because the product uses continuous delivery with rolling releases, there is no discrete version at which the issue was introduced or fixed, which makes precise version tracking difficult.

Technical Context

This vulnerability exists in a kindergarten management system (bskms) that handles administrative functions, including user account management. The affected component is the User Creation Handler, specifically the /sa/addUser endpoint used to create system users. The root cause is classified as CWE-266 (Improper Privilege Management): the system does not enforce an authorization check before processing a user creation request. The most likely cause is missing or inadequate authentication/authorization middleware on this administrative endpoint, so the handler accepts user creation requests without validating the requester's privileges. Because the project ships through continuous delivery with rolling releases rather than numbered versions, affected builds cannot be identified by version number and a fix arrives as a repository commit rather than a discrete patch release.

Affected Products

- Product: bskms (蓝天幼儿园管理系统 - Lantian Kindergarten Management System)
- Vendor: jack0240 魏
- Affected version: up to commit dffe6640b5b54d8e29da6f060e0493fea74b3fad
- Affected component: User Creation Handler (/sa/addUser endpoint)
- CPE: not available in standard format (continuous delivery product)
- Update status: continuous delivery with rolling releases; no discrete version updates available

Remediation

Immediate remediation steps:

1. Apply authorization middleware to the /sa/addUser endpoint so that only requests carrying authenticated admin credentials reach the user creation logic.
2. Enforce role-based access control (RBAC): verify that the requesting user holds the 'user_management' or 'admin' privilege before creating an account.
3. Add input validation and rate limiting to the /sa/addUser endpoint to limit abuse.
4. Audit every user account created through this endpoint since the vulnerability was introduced.
5. Review access logs for unauthorized user creation attempts.
6. If an immediate patch is unavailable, deploy a Web Application Firewall (WAF) rule that blocks unauthenticated POST requests to /sa/addUser.

Because the product uses continuous delivery, contact the vendor (jack0240 魏) for an urgent security patch via the bskms repository, and monitor that repository for security commits addressing the CWE-266 fix. Consider implementing JWT or session-based authentication if it is not already present.
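The following is an added illustration of steps (1), (2), (3) and (5) above, written for this page and not taken from the bskms code base: a plain-Python model of the /sa/addUser handler, with the unauthorized pattern described in the Technical Context beside a hardened form. The session store, role names and request shape are assumptions chosen to keep the example self-contained.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Roles permitted to create users; names follow the advisory's remediation text (assumed, not bskms's own).
ALLOWED_ROLES = {"admin", "user_management"}

# Constructed session store standing in for the app's session/JWT layer: session id -> (user, role).
SAMPLE_SESSIONS: Dict[str, Tuple[str, str]] = {
    "sess-admin": ("alice", "admin"),
    "sess-teacher": ("bob", "teacher"),
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request to /sa/addUser."""
    method: str
    session_id: Optional[str]
    body: Dict[str, str]


class UserCreationHandler:
    def __init__(self, sessions: Dict[str, Tuple[str, str]]) -> None:
        self.sessions = sessions
        self.users: set = set()
        self.audit: List[str] = []

    def add_user_vulnerable(self, req: Request) -> Tuple[int, str]:
        """The CWE-266 pattern: the account is created without checking who sent the request."""
        self.users.add(req.body.get("username", ""))
        return 200, "created"

    def add_user_hardened(self, req: Request) -> Tuple[int, str]:
        """Remediation steps (1)-(3) and (5): authenticate, enforce RBAC, validate input, record."""
        if req.method != "POST":
            return 405, "method not allowed"
        principal = self.sessions.get(req.session_id or "")
        if principal is None:                      # (1) no authenticated session: reject before any processing
            self.audit.append("DENY addUser: unauthenticated request")
            return 401, "authentication required"
        user, role = principal
        if role not in ALLOWED_ROLES:              # (2) RBAC: only admin / user_management may create users
            self.audit.append(f"DENY addUser by {user} (role={role})")
            return 403, "forbidden"
        new_name = req.body.get("username", "")
        if not (1 <= len(new_name) <= 32 and new_name.isalnum()):   # (3) input validation
            return 400, "invalid username"
        self.users.add(new_name)
        self.audit.append(f"ALLOW addUser {new_name} by {user}")     # (5) audit trail for later review
        return 201, "created"
```

The audit list is what the log review in step (5) would read; in a real deployment it would go to the application's access log rather than memory.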

Priority Score

37 (scale: Low / Medium / High / Critical)

- KEV: 0
- EPSS: +0.1
- CVSS: +36
- POC: 0

CVE-2025-5522 vulnerability details – vuln.today