CVE-2025-8807
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tianti_project | tianti | up to and including 2.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8807 is a critical security flaw in the Tianti software version 2.3 where the permission model is enforced only on the client side (UI), which merely hides functionality but does not secure it. The backend API trusts all incoming requests without verifying user roles or permissions. Because all API endpoints are exposed in the JavaScript code, low-privilege users can bypass UI restrictions by sending direct API requests. This leads to a vertical privilege escalation vulnerability, allowing attackers to perform actions reserved for super administrators, such as resetting passwords, deleting users, and managing permissions. [1, 3]
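The following is an added example, not code from the Tianti project or from this advisory, that models the pattern described above: a UI that hides administrative menu items from low-privilege users beside a backend that either trusts every request it receives (the CWE-862 condition) or enforces the session's role itself. All names (the session and request types, the user store, the handler and path names) are constructed for illustration.

```python
"""Client-side-only versus server-side authorization, as a minimal model.

Added example, not code from the Tianti project or from this advisory. The
session, request, user store and handler names are constructed to illustrate
the pattern the advisory describes.
"""
from dataclasses import dataclass
from functools import wraps

SUPER_ADMIN = "super_admin"


@dataclass
class Session:
    username: str
    role: str  # established at login; the UI and the backend both see it


@dataclass
class Request:
    path: str
    params: dict
    session: Session


class AuthorizationError(Exception):
    pass


def fresh_users():
    """Constructed user store; a new copy per call so runs stay independent."""
    return {"alice": {"role": SUPER_ADMIN, "enabled": True},
            "bob": {"role": "editor", "enabled": True}}


def ui_menu_for(session):
    """Client-side model: the UI hides admin items from non-admins.
    Hiding is presentation only; a direct request still reaches the API."""
    items = ["dashboard"]
    if session.role == SUPER_ADMIN:
        items += ["user-management", "permissions"]
    return items


def save_user_vulnerable(users, request):
    """Backend that trusts any request reaching it (CWE-862): whoever calls
    the endpoint can change any user's role, regardless of their own role."""
    target = request.params["id"]
    users[target]["role"] = request.params["role"]
    return {"user": target, "role": users[target]["role"]}


def require_role(role):
    """Server-side enforcement: the handler checks the authenticated session's
    role itself, independent of which menu items the UI displayed."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(users, request):
            if request.session.role != role:
                raise AuthorizationError(
                    f"{request.session.username} lacks role {role!r} for {request.path}")
            return handler(users, request)
        return wrapper
    return decorator


@require_role(SUPER_ADMIN)
def save_user_hardened(users, request):
    """Same operation as the vulnerable handler, now behind a server-side check."""
    target = request.params["id"]
    users[target]["role"] = request.params["role"]
    return {"user": target, "role": users[target]["role"]}


def dispatch(handler, users, request):
    """Tiny front controller mapping authorization failures to HTTP 403."""
    try:
        return {"status": 200, "body": handler(users, request)}
    except AuthorizationError as exc:
        return {"status": 403, "error": str(exc)}


if __name__ == "__main__":
    bob = Session("bob", "editor")
    # The UI never shows bob the user-management menu ...
    print("menu for bob:", ui_menu_for(bob))
    # ... but a request sent straight to the endpoint bypasses the UI entirely.
    direct = Request("/admin/user/save", {"id": "alice", "role": "editor"}, bob)
    print("vulnerable:", dispatch(save_user_vulnerable, fresh_users(), direct))
    print("hardened:  ", dispatch(save_user_hardened, fresh_users(), direct))
```

The point of the contrast is that `ui_menu_for` is irrelevant to security: the only check that matters is the one the handler performs on the session the server itself authenticated, which is what `require_role` adds.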
How can this vulnerability impact me?
This vulnerability can severely impact the confidentiality, integrity, and availability of your system. An attacker with low privileges can remotely exploit the flaw to escalate their privileges to super administrator level. This allows them to reset passwords, delete users arbitrarily, manage menu permissions, and disable legitimate users, potentially locking them out. The exploit is easy to perform remotely, and a proof-of-concept is publicly available. No patches or mitigations are currently known, increasing the risk. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious direct API calls to the backend endpoints, especially to `/tianti-module-admin/user/ajax/save` and the other user management APIs exposed in the JavaScript code. Detection can involve capturing and analyzing HTTP requests to identify attempts to bypass the UI and directly invoke backend APIs with elevated privileges, for example by using curl or a web proxy to check whether a direct POST request to `/tianti-module-admin/user/ajax/save` can modify user roles without proper authorization. A sample detection command could be:

```sh
curl -X POST -d 'id=your_user_id&roleId=super_admin_role_id' https://target/tianti-module-admin/user/ajax/save
```

If this request succeeds without proper authorization, the system is vulnerable. Additionally, monitoring logs for unusual privilege escalation attempts or unexpected changes in user roles can help detect exploitation attempts. [3]
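The log-monitoring approach mentioned above, as an added example that is not part of this advisory or of the Tianti project. It assumes an application access log that records the session id, authenticated user and role for each request (the line format, user names and all paths other than `/tianti-module-admin/user/ajax/save` are constructed) and flags two signals: a non-administrator reaching a user-management API, and a user-management API being called by a session that never loaded any page of the admin module first, which is what a direct API call from a script looks like.

```python
"""Flag direct or unauthorized calls to user-management APIs in application logs.

Added example, not from the advisory or the Tianti project. The log format,
session ids, user names and every path except the advisory's
/tianti-module-admin/user/ajax/save are constructed for illustration.
"""
import re
from collections import defaultdict

SUPER_ADMIN = "super_admin"
ADMIN_MODULE = "/tianti-module-admin/"
# User-management API prefix from the advisory; extend from the app's own routes.
ADMIN_API_PREFIXES = ("/tianti-module-admin/user/ajax/",)

# Constructed format: <timestamp> sid=<id> user=<name> role=<role> <METHOD> <path> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed sample: alice is a legitimate admin working through the UI,
# bob and carol are editors sending requests straight to the admin API.
SAMPLE_LOG = """\
2025-08-10T10:00:01Z sid=s1 user=alice role=super_admin GET /tianti-module-admin/index 200
2025-08-10T10:00:05Z sid=s1 user=alice role=super_admin POST /tianti-module-admin/user/ajax/save 200
2025-08-10T10:01:00Z sid=s2 user=bob role=editor GET /tianti-module-cms/article/list 200
2025-08-10T10:01:30Z sid=s2 user=bob role=editor POST /tianti-module-admin/user/ajax/save 200
2025-08-10T10:02:00Z sid=s3 user=carol role=editor POST /tianti-module-admin/user/ajax/delete 403
"""


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_admin_api(path):
    return path.startswith(ADMIN_API_PREFIXES)


def analyze(log_text):
    """Walk the log in order and return one finding per suspicious admin-API call.

    A call is suspicious if the caller's role is not super_admin, or if the
    session has not loaded any admin-module page before hitting the API.
    'succeeded' records whether the server answered 2xx, i.e. whether the
    backend actually performed the action.
    """
    findings = []
    seen_admin_ui = defaultdict(bool)  # sid -> has GET-loaded an admin-module page
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than failing the whole run
        sid, path = rec["sid"], rec["path"]
        if is_admin_api(path):
            reasons = []
            if rec["role"] != SUPER_ADMIN:
                reasons.append("non-admin role reached a user-management API")
            if not seen_admin_ui[sid]:
                reasons.append("API called before any admin UI page was loaded")
            if reasons:
                findings.append({
                    "ts": rec["ts"], "sid": sid, "user": rec["user"],
                    "role": rec["role"], "path": path, "status": rec["status"],
                    "succeeded": 200 <= rec["status"] < 300, "reasons": reasons,
                })
        elif rec["method"] == "GET" and path.startswith(ADMIN_MODULE):
            seen_admin_ui[sid] = True
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        verdict = "SUCCEEDED" if f["succeeded"] else "rejected"
        print(f"{f['ts']} {f['user']} ({f['role']}) {f['path']} -> {verdict}: "
              + "; ".join(f["reasons"]))
```

A finding with `succeeded` true is the case that matters most, since it means the backend performed the administrative action for a non-administrator; a rejected call still indicates someone probing the endpoints and is worth alerting on at lower severity.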
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable API endpoints by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to block unauthorized requests to `/tianti-module-admin/user/ajax/save` and related user management APIs. Since no patches or vendor fixes are available, consider replacing the affected product with a more secure alternative. Additionally, limit user privileges to the minimum necessary and monitor for suspicious activity. Applying strict access controls and disabling remote access to the administration interface where possible can reduce risk. Finally, closely monitor logs for signs of exploitation and prepare incident response plans. [2]