CVE-2025-3967
PUBLISHED
CVSS 5.3 MEDIUM
A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
EPSS 0.27% · 50.6th percentile
Risk Scores
CVSS v4.0
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.27%
50.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| itwanger | paicoding | 1.0.3 |
Timeline
- Apr 27, 2025 EPSS Score
- Apr 27, 2025 CVE Published
- Apr 27, 2025 PoC Published
- Apr 28, 2025 CVE Updated
- May 9, 2025 EPSS Score
- May 21, 2025 EPSS Score
- May 24, 2025 Coalition ESS Score
- Jun 2, 2025 EPSS Score
- Jun 14, 2025 EPSS Score
- Jun 26, 2025 EPSS Score
- Jul 8, 2025 EPSS Score
References
- VDB-306303 | itwanger paicoding Article post improper authorization (vdb)
- VDB-306303 | CTI Indicators (IOB, IOC, TTP, IOA) (url)
- Submit #557251 | itwanger paicoding 1.0.3 Logical loopholes 2 (third-party-advisory)
- https://github.com/uglory-gll/javasec/blob/main/paicoding.md (url)
- https://github.com/uglory-gll/javasec/blob/main/paicoding.md#22articleapipost-horizontal-overstepping-of-authority (exploit)
- https://nvd.nist.gov/vuln/detail/CVE-2025-3967 (advisory)