CVE-2025-8838

Aug. 11, 2025, 6:32 p.m.

6.9
Medium

Description

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page."

Product(s) Impacted

Vendor Product Versions
Winterchens
  • My-site
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a winterchens my-site / / / / / / / /

References

https://github.com/WinterChenS/my-site/issues/97
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571
https://vuldb.com/?ctiid.319372
https://vuldb.com/?id.319372
https://vuldb.com/?submit.622421
https://github.com/WinterChenS/my-site/issues/97
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2986947791
https://github.com/WinterChenS/my-site/issues/97#issuecomment-2987091571
https://vuldb.com/?submit.622421

Tags

CWE-287
cna@vuldb.com
2025-08-11
CVE-2025-8838

CVSS Score

6.9 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
  • Exploit Maturity: PROOF_OF_CONCEPT

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Aug. 11, 2025, 9:15 a.m.
Last Modified: Aug. 11, 2025, 6:32 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.