CVE-2025-10676
BaseFortify
Publication date: 2025-09-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fuyang_lipengjun | platform | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in the fuyang_lipengjun platform version 1.0, specifically in the BrandController function of the /brand/queryAll file. It allows an attacker to perform improper authorization by manipulating this function remotely. The exploit is publicly available, meaning attackers can use it to gain unauthorized access or perform actions they should not be allowed to.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users to access or manipulate data or functions within the fuyang_lipengjun platform without proper authorization. Since the attack can be executed remotely and the exploit is publicly available, it increases the risk of unauthorized access, potentially leading to data exposure or misuse of the platform's features.