{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3325", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-06T05:50:30.628Z", "datePublished": "2025-04-06T23:00:09.284Z", "dateUpdated": "2025-04-07T14:06:13.430Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-06T23:00:09.284Z"}, "title": "iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 Admin Password pwd access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "iteaj", "product": "iboot \u7269\u8054\u7f51\u7f51\u5173", "versions": [{"version": "1.1.3", "status": "affected"}], "modules": ["Admin Password Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 1.1.3 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /core/admin/pwd der Komponente Admin Password Handler. Durch die Manipulation des Arguments ID mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-04-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-06T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-06T07:55:40.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "uglory (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.303537", "name": "VDB-303537 | iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 Admin Password pwd access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.303537", "name": "VDB-303537 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.551869", "name": "Submit #551869 | iteaj iboot 1.1.3 Logical loopholes", "tags": ["third-party-advisory"]}, {"url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T14:06:09.479410Z", "id": "CVE-2025-3325", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T14:06:13.430Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3325", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-07T14:06:09.479410Z"}}}], "references": [{"url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T14:06:03.417Z"}}], "cna": {"title": "iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 Admin Password pwd access control", "credits": [{"lang": "en", "type": "reporter", "value": "uglory (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "iteaj", "modules": ["Admin Password Handler"], "product": "iboot \u7269\u8054\u7f51\u7f51\u5173", "versions": [{"status": "affected", "version": "1.1.3"}]}], "timeline": [{"lang": "en", "time": "2025-04-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-06T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-06T07:55:40.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.303537", "name": "VDB-303537 | iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 Admin Password pwd access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.303537", "name": "VDB-303537 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.551869", "name": "Submit #551869 | iteaj iboot 1.1.3 Logical loopholes", "tags": ["third-party-advisory"]}, {"url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 1.1.3 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /core/admin/pwd der Komponente Admin Password Handler. Durch die Manipulation des Arguments ID mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-06T23:00:09.284Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3325", "state": "PUBLISHED", "dateUpdated": "2025-04-07T14:06:13.430Z", "dateReserved": "2025-04-06T05:50:30.628Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-06T23:00:09.284Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iteaj:iboot:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "737E9372-347B-433F-8CAD-2673BBA2B25E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in iteaj iboot \u7269\u8054\u7f51\u7f51\u5173 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en iteaj iboot ????? 1.1.3. Esta afecta a una parte desconocida del archivo /core/admin/pwd del componente Admin Password Handler. La manipulaci\u00f3n del ID del argumento genera controles de acceso inadecuados. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-3325", "lastModified": "2025-04-08T18:53:43.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-06T23:15:39.640", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.303537"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.303537"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.551869"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://github.com/uglory-gll/javasec/blob/main/iboot.md#1logical-loopholes"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}