CVE-2025-10247
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-09-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10247
EUVD
EUVD-2025-27631
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jepaas jepaas 7.2.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-10247 is an access control vulnerability in JEPaaS version 7.2.8, specifically in the doFilterInternal function of the Filter Handler component. Due to improper implementation of access controls in the SessionFilter component, attackers can bypass authentication and directly access protected interfaces without proper authorization. This happens because the access control check is performed after the asset has already been accessed, allowing unauthorized users to circumvent security controls remotely. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing unauthorized remote attackers to bypass access controls and gain direct access to protected system interfaces. This can lead to unauthorized disclosure of confidential information, modification of data, and disruption of system availability. Since the vulnerability affects confidentiality, integrity, and availability, it poses a significant security risk to affected systems. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to access the protected interfaces without proper authentication using the known proof-of-concept URL path `/error/.%2e;/je/rbac/rbac/queryUser`. Monitoring web server logs for requests containing this path or similar suspicious URL encodings may help identify exploitation attempts. Specific commands are not provided in the resources, but using tools like curl or wget to test the URL or inspecting logs with grep for the path could be effective. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected JEPaaS 7.2.8 product with an alternative solution, as no vendor patches or fixes are available. Additionally, restricting access to the vulnerable component via network controls, such as firewall rules or access control lists, may reduce exposure. Monitoring for exploitation attempts and applying strict access controls at the network perimeter are recommended. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart