CVE-2025-3567

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E6%9D%83%E9%99%90%E6%A0%A1%E9%AA%8C.md", "name": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E6%9D%83%E9%99%90%E6%A0%A1%E9%AA%8C.md", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.304608", "name": "VDB-304608 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.304608", "name": "VDB-304608 | veal98 ??? Echo ?????? Ticket LoginTicketInterceptor.java preHandle improper authorization", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.549537", "name": "Submit #549537 | https://gitee.com/veal98/Echo Echo 4.2 Improper Authorization", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in veal98 ??? Echo ?????? 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-266"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-3567", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2025-04-14T13:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-14T13:15Z"}