CVE-2025-67274
Information Disclosure in continuous.software Aangine via Multiple Modules
Publication date: 2026-01-26
Last updated on: 2026-02-12
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| continuous.software | aangine | 2025.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67274 is a Broken Access Control vulnerability (specifically Broken Object Level Authorization - BOLA) in the aangine application version 2025.2. It allows low-privileged authenticated users to access multiple admin-restricted backend API endpoints without proper authorization. This happens because the APIs fail to correctly validate user roles or scope claims in JWT tokens, enabling attackers to bypass role and scope checks and access sensitive administrative data by sending direct HTTP requests to these endpoints. [3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information such as internal configuration data, integration job details, logs, and portfolio or project-related records. Attackers exploiting this flaw can gain access to administrative data without proper permissions, potentially compromising the confidentiality of critical business information. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized HTTP requests to admin-restricted API endpoints related to template download, integration job listings, and portfolio data retrieval. Specifically, look for requests to endpoints of the excel-integration-service, integration-persistence-service, and portfolio-item-service modules made by low-privileged users. Commands to detect such activity could include using network traffic inspection tools like tcpdump or Wireshark to filter HTTP requests to these endpoints, or using curl commands to test access control by attempting to access these endpoints with low-privileged credentials. For example, a curl command to test access might be: curl -i -H "Authorization: Bearer <low-privilege-token>" https://<target>/api/excel-integration-service/template-download. Monitoring logs for unauthorized access attempts or unexpected data retrieval from these endpoints can also help detect exploitation attempts. [3]
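The log-monitoring approach described above, as an added example that is not part of the original page and not the vendor's code: it scans constructed access-log lines for requests from non-administrative principals that reach the three admin-restricted modules the advisory names, and separates requests the backend actually served (the advisory's failure mode) from ones that were blocked. The log format, the `/api/<module>/...` path layout and the principal-to-role mapping are assumptions; only the module names come from the advisory.

```python
import re
from collections import defaultdict

# Module prefixes the advisory names as admin-restricted. The "/api/<module>/..."
# path layout is an assumption taken from the curl example in the text above.
ADMIN_RESTRICTED_MODULES = (
    "excel-integration-service",
    "integration-persistence-service",
    "portfolio-item-service",
)

# Constructed principal-to-role mapping; in a real deployment this comes from the
# identity provider or the JWT's role claim, not from a hard-coded set.
ADMIN_USERS = {"alice"}

# Assumed log format: <client-ip> <user> "<METHOD> <path>" <status>
LOG_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3})$')

# Match the module segment exactly (followed by "/" or end of path) so that a
# similarly named module such as "portfolio-item-services" is not flagged.
ADMIN_PATH_RE = re.compile(
    r"^/api/(" + "|".join(re.escape(m) for m in ADMIN_RESTRICTED_MODULES) + r")(/|$)"
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ip, user, method, path, status = m.groups()
    return {"ip": ip, "user": user, "method": method, "path": path, "status": int(status)}


def find_suspicious(lines, admin_users=ADMIN_USERS):
    """Return events where a non-admin principal reached an admin-restricted module.

    A 2xx status means the backend served the data despite the caller's role,
    which is the behaviour the advisory describes; anything else is an attempt
    that was blocked and is still worth recording.
    """
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        mod = ADMIN_PATH_RE.match(ev["path"])
        if mod is None or ev["user"] in admin_users:
            continue
        ev["module"] = mod.group(1)
        ev["served"] = 200 <= ev["status"] < 300
        findings.append(ev)
    return findings


def summarize(findings):
    """Count served vs. blocked requests per (user, module) pair."""
    counts = defaultdict(lambda: {"served": 0, "blocked": 0})
    for f in findings:
        counts[(f["user"], f["module"])]["served" if f["served"] else "blocked"] += 1
    return dict(counts)


# Constructed sample log lines (not captured from any real system).
SAMPLE_LOG = [
    '10.0.0.5 alice "GET /api/excel-integration-service/template-download" 200',
    '10.0.0.9 bob "GET /api/excel-integration-service/template-download" 200',
    '10.0.0.9 bob "GET /api/integration-persistence-service/jobs" 200',
    '10.0.0.9 bob "GET /api/portfolio-item-service/items" 403',
    '10.0.0.9 bob "GET /api/portfolio-item-services/items" 200',
    '10.0.0.7 carol "GET /api/public/health" 200',
    'this line is not in the expected format',
]

if __name__ == "__main__":
    for (user, module), c in summarize(find_suspicious(SAMPLE_LOG)).items():
        print(f"{user:8} {module:34} served={c['served']} blocked={c['blocked']}")
```

In practice the served count is the one to alert on: a non-admin principal receiving 2xx from these modules on an unpatched 2025.2 instance indicates the missing backend authorization check was exercised, whereas a run of 403s shows probing that the control stopped.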
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the vendor's patch or update that implements proper backend authorization controls to restrict access to admin-restricted API endpoints. Until the patch is applied, restrict access to the affected API endpoints by network-level controls such as firewall rules or API gateway policies to limit access only to authorized administrative users. Additionally, monitor logs and network traffic for suspicious access patterns to these endpoints and revoke any compromised credentials. Inform users about the vulnerability and enforce strict authentication and authorization policies. [3]
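The backend authorization control the mitigation refers to, as an added example that is neither the vendor's code nor a description of how the product is built: a minimal HS256 JWT verifier followed by two request handlers. The weak handler treats any validly signed token as full authorization, which is the class of defect the Q&A describes (roles and scope claims not checked); the corrected handler checks the caller's role and scope claims against a per-module policy before serving anything. The claim names, the policy table, the signing key and the handwritten JWT routines are assumptions for illustration; a real service should use a vetted JWT library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for the example; real deployments use a managed secret.
SECRET = b"constructed-demo-secret"

# Assumed policy: which roles and which scope each admin-restricted module requires.
ENDPOINT_POLICY = {
    "excel-integration-service": {"roles": {"admin"}, "scope": "integration:read"},
    "integration-persistence-service": {"roles": {"admin"}, "scope": "integration:read"},
    "portfolio-item-service": {"roles": {"admin"}, "scope": "portfolio:read"},
}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims, key=SECRET):
    """Build a compact HS256 JWT (illustrative; no library used on purpose)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def make_token(sub, roles, scope, ttl=60):
    """Convenience wrapper that sets an expiry; claim names are assumed."""
    return issue_token({"sub": sub, "roles": roles, "scope": scope, "exp": int(time.time()) + ttl})


def verify_token(token, key=SECRET):
    """Return the claims if the signature, algorithm and expiry are valid, else None."""
    try:
        header, payload, sig = token.split(".")
        hdr = json.loads(_b64url_decode(header))
    except (ValueError, UnicodeDecodeError):
        return None
    if hdr.get("alg") != "HS256":          # reject alg=none and algorithm confusion
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) < time.time():  # missing exp is treated as expired
        return None
    return claims


def handle_request_weak(module, token):
    """The failure mode: authentication only. Any valid token gets the admin data."""
    if verify_token(token) is None:
        return 401
    return 200


def handle_request_fixed(module, token):
    """Authentication, then authorization against the module's policy."""
    claims = verify_token(token)
    if claims is None:
        return 401
    policy = ENDPOINT_POLICY.get(module)
    if policy is None:
        return 404
    roles = set(claims.get("roles", []))
    scopes = set(str(claims.get("scope", "")).split())
    if not (roles & policy["roles"]) or policy["scope"] not in scopes:
        return 403  # authenticated, but not authorized for this module
    return 200


if __name__ == "__main__":
    user = make_token("bob", ["user"], "portfolio:read")
    print("weak handler, low-privileged user:", handle_request_weak("portfolio-item-service", user))
    print("fixed handler, low-privileged user:", handle_request_fixed("portfolio-item-service", user))
```

The check is deliberately per-module rather than a single "is authenticated" gate: the decision has to happen in the backend on every admin-restricted route, because the network-level restrictions suggested above only narrow who can reach the endpoint and do not replace the missing authorization logic.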