CVE-2025-9936 MEDIUM

CVE-2025-9936: fuyang_lipengjun platform queryAll AdController improper authorization

Vendor Fuyang_Lipengjun

Product platform

Weakness CWE-285

Published September 3, 2025

Last update September 4, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Key dates

02Disclosure timeline

September 3, 2025 CVE published

September 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9936 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2025-9937 elunez eladmin LocalStorageController deleteFile improper authorization CVE-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies CVE-2021-28567 Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission CVE-2023-3957 ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update CVE-2023-5948 Improper Authorization in teamamaze/amazefileutilities