Executive Summary

This vulnerability is a Cross-Origin Resource Sharing (CORS) misconfiguration in Eramba Community and Enterprise Editions v3.26.0. It allows an attacker to control the Origin header, which is then reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials set to true. This enables malicious third-party websites to perform authenticated cross-origin requests against the Eramba API, including sensitive endpoints like /system-api/login and /system-api/user/me. As a result, the attacker can access sensitive user session data such as user ID, name, email, and access groups via their JavaScript, leading to full session hijack and data exfiltration without any user interaction.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive user session data and full session hijacking. Attackers can exploit this flaw to perform authenticated cross-origin requests and steal user information such as ID, name, email, and access groups. This can lead to data exfiltration, unauthorized actions performed on behalf of the user, and potential compromise of the affected system without any user interaction.

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by inspecting the HTTP responses from the Eramba API endpoints, such as /system-api/login and /system-api/user/me, to see if the Access-Control-Allow-Origin header reflects the Origin header from the request and if Access-Control-Allow-Credentials is set to true. For example, you can use curl commands to send requests with a custom Origin header and observe the response headers. A sample command is: curl -i -H "Origin: http://malicious.example.com" https://your-eramba-instance/system-api/login. If the Access-Control-Allow-Origin header in the response matches the Origin header and Access-Control-Allow-Credentials is true, the vulnerability is present. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Eramba to version 3.28.0 or later, as this release addresses CVE-2025-55462 by strengthening the CORS configuration and fixing issues related to Access-Control-Allow-Credentials headers. Additionally, review your ACL settings and custom translations as recommended in the release notes. [1]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers to hijack user sessions and exfiltrate sensitive user data such as ID, name, email, and access groups via authenticated cross-origin requests. This exposure of personal and potentially sensitive information could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding user data against unauthorized access and breaches. [1]

Useful 0 Not Useful 0