CVE-2025-3398

A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619	Broken Link
https://vuldb.com/?ctiid.303643	Permissions Required VDB Entry
https://vuldb.com/?id.303643	Third Party Advisory VDB Entry
https://vuldb.com/?submit.525609	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:lenve:vblog:-:*:*:*:*:*:*:*

History

15 Oct 2025, 16:47

Type	Values Removed	Values Added
First Time		Lenve Lenve vblog
CPE		cpe:2.3:a:lenve:vblog:-:::::::*
References	~~() https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619 -~~	() https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619 - Broken Link
References	~~() https://vuldb.com/?ctiid.303643 -~~	() https://vuldb.com/?ctiid.303643 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.303643 -~~	() https://vuldb.com/?id.303643 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.525609 -~~	() https://vuldb.com/?submit.525609 - Third Party Advisory, VDB Entry

08 Apr 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad clasificada como crítica en lenve VBlog hasta la versión 1.0.0. Esta vulnerabilidad afecta la función configure del archivo blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. La manipulación genera controles de acceso inadecuados. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió.

08 Apr 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 02:15

Updated : 2025-10-15 16:47

NVD link : CVE-2025-3398

Mitre link : CVE-2025-3398

CVE.ORG link : CVE-2025-3398

JSON object : View

Products Affected

lenve

vblog

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

6.3 /10