CVE-2025-3567 MEDIUM

CVE-2025-3567: veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization

Vendor Veal98 小牛肉

Product Echo 开源社区系统

Weakness CWE-285

Published April 14, 2025

Last update April 14, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

April 14, 2025 CVE published

April 14, 2025 Record updated