What is the CVSS score of EUVD-2025-201239?

EUVD-2025-201239 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Java are affected by EUVD-2025-201239?

A HIGH severity access control vulnerability in ApiOrderService.java (platform v1.0.0) allows unauthenticated or unauthorized attackers to access sensitive order information through crafted API…

How to fix or mitigate EUVD-2025-201239?

Within 24 hours: Identify all systems running platform v1.0.0 and isolate ApiOrderService endpoints from untrusted networks; enable enhanced logging on API calls to detect exploitation. Within 7 days: Deploy WAF rules to block malformed API requests targeting sensitive endpoints; implement strict input validation and rate limiting on order-related APIs. Within 30 days: Upgrade to patched version when released; conduct full audit of order data access logs for unauthorized access; notify affected customers if compromise is confirmed.

Java EUVD-2025-201239

| CVE-2025-57212 HIGH

Improper Access Control (CWE-284)

2025-12-04 cve@mitre.org

Authentication Bypass Java Platform

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201239

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

CVE Published

Dec 04, 2025 - 16:16 nvd

HIGH 7.5

DescriptionCVE.org

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

Analysis

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

More from same product – last 7 days

CVE-2026-28575 CRITICAL Act Now

10.0 Jun 17

Local denial of service in Android's PackageInstaller subsystem stems from a logic error in PackageInstallerSession.tran

CVE-2026-41699 CRITICAL Act Now

9.8 Jun 11

Remote code execution in Spring for GraphQL versions 1.3.0-1.3.8, 1.4.0-1.4.5, and 2.0.0-2.0.3 allows unauthenticated at

CVE-2026-47835 HIGH This Week

8.6 Jun 15

NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers t

CVE-2026-47825 HIGH This Week

8.6 Jun 15

Origin validation failure in Spring Cloud Gateway (WebMVC and WebFlux Server variants) allows remote attackers to spoof

CVE-2026-40999 HIGH This Week

8.6 Jun 11

Server-Side Request Forgery in Spring Web Services (versions 3.1.0-3.1.8, 4.0.0-4.0.18, 4.1.0-4.1.3, and 5.0.0-5.0.1) al

EUVD-2025-201239 vulnerability details – vuln.today

Back

Java EUVD-2025-201239

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code