CVE-2025-8838

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/WinterChenS/my-site/issues/97
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571
https://vuldb.com/?ctiid.319372
https://vuldb.com/?id.319372
https://vuldb.com/?submit.622421
https://github.com/WinterChenS/my-site/issues/97
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571
https://vuldb.com/?submit.622421

Configurations

No configuration.

History

11 Aug 2025, 13:15

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en WinterChenS my-site hasta 1f7525f15934d9d6a278de967f6ec9f1757738d8. Esta vulnerabilidad afecta a la función preHandle del archivo /admin/ de la interfaz de backend del componente. La manipulación del argumento uri provoca una autenticación incorrecta. El ataque puede iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado. La existencia real de esta vulnerabilidad aún se duda. Este producto utiliza una versión continua para garantizar una distribución continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las actualizadas. El responsable del código respondió al problema: "Lo probó y, al usar este enlace, se redirige automáticamente a la página de inicio de sesión".
References	~~() https://github.com/WinterChenS/my-site/issues/97 -~~	() https://github.com/WinterChenS/my-site/issues/97 -
References	~~() https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791 -~~	() https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791 -
References	~~() https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571 -~~	() https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571 -
References	~~() https://vuldb.com/?submit.622421 -~~	() https://vuldb.com/?submit.622421 -

11 Aug 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-11 09:15

Updated : 2025-08-11 18:32

NVD link : CVE-2025-8838

Mitre link : CVE-2025-8838

CVE.ORG link : CVE-2025-8838

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

7.3 /10