CVE-2025-10675
BaseFortify
Publication date: 2025-09-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fuyang_lipengjun | platform | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the fuyang_lipengjun platform version 1.0, specifically in the AttributeController function of the /attribute/queryAll file. It allows improper authorization due to manipulation, meaning that an attacker with some privileges can remotely exploit this flaw to access or query attributes they should not be authorized to access.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to certain attributes or data within the platform, potentially exposing sensitive information. Since it allows remote exploitation, attackers could manipulate the system without physical access, which may compromise data confidentiality to some extent.