CVE-2025-10086 MEDIUM

CVE-2025-10086: fuyang_lipengjun platform AdPositionController queryAll improper authorization

Vendor Fuyang_Lipengjun
Product platform
Weakness CWE-285
Published September 8, 2025
Last update September 8, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. Affects another part than CVE-2025-9936.

Key dates

02Disclosure timeline

September 8, 2025 CVE published
September 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-4617 SourceCodester Patients Waiting Area Queue Management System Patient Check-In api_patient_checkin.php ValidateToken improper authorization CVE-2024-39415 An unauthorized user can export the Tax Sales Report CVE-2020-3394 Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability CVE-2025-10992 roncoo roncoo-pay lookupList improper authorization CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking