Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-55948

EPSS 0.06% · P19
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-55948

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests when frontend menu updates (such as privilege revocation) fail to propagate to the backend permission table in real-time, creating a dangerous desynchronization. While users lose access to restricted functions through the web interface (as UI elements properly disappear), the stale permission records still validate unauthorized API requests when accessed directly through tools like Postman. Attackers exploiting this inconsistency can perform privileged operations including but not limited to: creating high-permission user accounts, accessing sensitive data beyond their clearance level, and executing admin-level commands.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
X-SpringBoot 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
X-SpringBoot是czx个人开发者的一个轻量级的Java快速开发平台。 X-SpringBoot 6.0版本存在安全漏洞,该漏洞源于前后端权限组件未同步,可能导致权限提升攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2025-55948

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-55948

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-12-04 · 32 CVEs total

CVE-2025-140124.7 MEDIUMJIZHICMS Batch Delete Comments deleteAll.html delete sql injection
CVE-2025-140114.7 MEDIUMJIZHICMS Add Display Name Field addcomment.html commentlist sql injection
CVE-2025-140132.4 LOWJIZHICMS Comment addcomment.html cross site scripting
CVE-2025-63364Waveshare RS232/485 TO WIFI ETH (B) 安全漏洞
CVE-2025-65899Kalmia 安全漏洞
CVE-2025-66373Akamai Ghost 安全漏洞
CVE-2025-63363Waveshare RS232/485 TO WIFI ETH (B) 安全漏洞
CVE-2025-63361Waveshare RS232/485 TO WIFI ETH (B) 安全漏洞
CVE-2025-63362Waveshare RS232/485 TO WIFI ETH (B) 安全漏洞
CVE-2025-65637Logrus 安全漏洞
CVE-2025-65806e-point CMS 安全漏洞
CVE-2025-29268ALLNET ALL-RUT22GW v3.3.8 安全漏洞
CVE-2025-29269ALLNET ALL-RUT22GW 安全漏洞
CVE-2025-65883Genexis Platinum P4410 安全漏洞
CVE-2025-63499SOGo 安全漏洞
CVE-2025-63896JXL 9 Inch Car Android Double Din Player 安全漏洞
CVE-2025-65900Kalmia 安全漏洞
CVE-2025-65516Seafile Community Edition 安全漏洞
CVE-2025-61148EduplusCampus 安全漏洞
CVE-2025-57210Weitong Mall 安全漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2025-55948

No comments yet

Leave a comment