CVE-2025-15135
Authentication Bypass in joey-zhou xiaozhi-esp32-server-java Cookie Handler
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joey-zhou | xiaozhi-esp32-server-java | 3.0.0 |
| joey-zhou | xiaozhi-esp32-server-java | 4.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in the tryAuthenticateWithCookies function of the AuthenticationInterceptor.java file in the joey-zhou xiaozhi-esp32-server-java component. It allows an attacker to manipulate authentication cookies, leading to improper authentication. The attack can be performed remotely, and an exploit is publicly available. Upgrading to version 4.0.0 fixes this issue.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to bypass proper authentication controls by manipulating cookies, potentially gaining unauthorized access to the system or user accounts. This can lead to data breaches, unauthorized actions, and compromise of system integrity.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade the affected component joey-zhou xiaozhi-esp32-server-java to version 4.0.0, which fixes the issue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows attackers to bypass authentication and impersonate any user, including administrators, which can lead to unauthorized access to sensitive user information. Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive data. Therefore, the presence of this vulnerability increases the risk of non-compliance with these regulations due to compromised confidentiality and integrity of user data. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of forged or manipulated 'username' cookies in HTTP requests to the affected server, especially targeting the endpoints that rely on cookie-based authentication. Monitoring requests to whitelisted routes such as /api/user/, /api/device/ota, /audio/, /uploads/, and /ws/ for unauthorized access attempts is also important. Additionally, testing the /api/user/queryUsers endpoint for authentication enforcement can reveal if it is improperly accessible. Commands to detect this might include using curl or similar tools to send requests with forged cookies, for example: 1. Check if the server accepts a forged cookie: curl -v --cookie "username=admin" http://<target-server>/api/user/ 2. Test the /api/user/queryUsers endpoint without authentication: curl -v http://<target-server>/api/user/queryUsers 3. Use network monitoring tools (e.g., tcpdump, Wireshark) to capture HTTP requests and inspect cookies for suspicious or forged 'username' values. 4. Use automated vulnerability scanners or custom scripts to attempt authentication bypass by setting the 'username' cookie to known usernames. Note: These commands are examples based on the vulnerability details and should be adapted to your environment and security policies. [4, 3]