CVE-2025-11321
BaseFortify
Publication date: 2025-10-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zhuimengshaonian | wisdom-education | 1.0.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a horizontal privilege escalation in the wisdom-education application (up to version 1.0.4). It occurs in the /student/wrongBook interface where an attacker can manipulate the subjectId parameter to bypass authorization checks and access other users' data without permission. The root cause is insufficient access control in the WrongBookController.java component, allowing unauthorized viewing of data by altering request parameters. The attack can be performed remotely and an exploit is publicly available. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to gain unauthorized access to other users' data or records by manipulating the subjectId parameter. This compromises the confidentiality of user information, potentially exposing sensitive data to unauthorized parties. Since the attack can be executed remotely and is easy to exploit, it poses a moderate security risk to affected systems. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring requests to the /student/wrongBook interface for unusual or unauthorized manipulation of the subjectId parameter. Network or application logs should be inspected for requests where subjectId is altered to access data belonging to other users. Specific commands depend on your environment, but for example, using grep on server logs to find requests to /student/wrongBook with subjectId parameters can help: grep '/student/wrongBook' /path/to/access.log | grep 'subjectId='. Additionally, web application firewalls (WAF) or intrusion detection systems (IDS) can be configured to alert on such parameter manipulations. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected /student/wrongBook interface to trusted users only, monitoring and logging all access to this endpoint, and applying strict input validation and authorization checks on the subjectId parameter. Since no known countermeasures or patches are currently available, it is recommended to replace the affected component or upgrade to a version without this vulnerability if possible. Additionally, consider implementing network-level controls such as IP whitelisting or VPN access to limit exposure. [2]