{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2320","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-14T17:07:35.163Z","datePublished":"2025-03-14T22:00:09.313Z","dateUpdated":"2025-03-17T15:20:06.922Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-14T22:00:09.313Z"},"title":"274056675 springboot-openai-chatgpt User submit improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"274056675","product":"springboot-openai-chatgpt","versions":[{"version":"e84f6f5","status":"affected"}],"modules":["User Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In 274056675 springboot-openai-chatgpt e84f6f5 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion submit der Datei /api/blade-user/submit der Komponente User Handler. Durch Beeinflussen mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-03-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-14T18:12:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"aibot88 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.299749","name":"VDB-299749 | 274056675 springboot-openai-chatgpt User submit improper authorization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.299749","name":"VDB-299749 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.505689","name":"Submit #505689 | 274056675 springboot-openai-chatgpt No version commitID e84f6f5 Least Privilege Violation","tags":["third-party-advisory"]},{"url":"https://www.cnblogs.com/aibot/p/18732226","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-17T15:19:08.345851Z","id":"CVE-2025-2320","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-17T15:20:06.922Z"}}]}}