CVE-2025-10819

4.3 MEDIUM

📋 TL;DR

This vulnerability in fuyang_lipengjun platform 1.0 allows unauthorized access to user coupon data through the UserCouponController queryAll function. Attackers can exploit this to view sensitive coupon information without proper authentication. All users running version 1.0 of this platform are affected.

💻 Affected Systems

Products:
  • fuyang_lipengjun platform
Versions: 1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable by default. The vulnerability is in the core platform code.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access all user coupon data, potentially exposing sensitive user information and coupon details that could be used for fraud or further attacks.

🟠 Likely Case

Unauthorized viewing of user coupon information, potentially exposing user activity patterns and coupon usage data.

🟢 If Mitigated

Limited exposure of non-critical coupon data with proper access controls and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details have been publicly disclosed. Attack requires some level of access but bypasses authorization checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: UNKNOWN

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider workarounds.

🔧 Temporary Workarounds

Restrict access to the /usercoupon/queryAll endpoint

Applies to: all

Block or restrict access to the vulnerable endpoint using a web application firewall or web server access controls. Note that a blanket deny also blocks legitimate administrative use of the endpoint until a proper fix is in place.

# Example: add to the web server config in front of the platform
# Apache 2.4:
<Location "/usercoupon/queryAll">
    Require all denied
</Location>
# Apache 2.2 (or 2.4 with mod_access_compat loaded):
# <Location "/usercoupon/queryAll">
#   Order deny,allow
#   Deny from all
# </Location>
# Nginx (prefix match, as on the original page):
location /usercoupon/queryAll { deny all; }

Implement proper authorization checks

Applies to: all

Add authentication and authorization middleware that verifies the caller's permissions before the coupon query is processed.

# Modify UserCouponController so queryAll checks the caller's permission first
# (pseudocode; the permission name and helper methods are illustrative):
# if (!currentUser.hasPermission("view_coupons")) {
#   return unauthorizedResponse();
# }

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system
  • Deploy web application firewall with rules to detect and block unauthorized coupon queries

🔍 How to Verify

Check if Vulnerable:

Test if unauthorized users can access /usercoupon/queryAll endpoint and retrieve coupon data without proper authentication

Check Version:

# Check platform version in configuration files or admin panel
# Typically found in config files or via platform admin interface

Verify Fix Applied:

Verify that unauthorized access attempts to /usercoupon/queryAll are properly rejected with authentication errors

📡 Detection & Monitoring

Log Indicators:

  • Multiple unauthorized access attempts to /usercoupon/queryAll
  • Unusual coupon query patterns from unexpected IP addresses
  • Access logs showing coupon data retrieval without proper user session

Network Indicators:

  • Unusual traffic patterns to coupon-related endpoints
  • Requests to /usercoupon/queryAll without proper authentication headers

SIEM Query:

source="web_logs" AND (uri="/usercoupon/queryAll" OR path="/usercoupon/queryAll") AND (user="-" OR auth_status="failed" OR (response_code="200" AND user_role!="admin"))
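The log indicators above (repeated hits on /usercoupon/queryAll, and 200 responses with no authenticated user) can be checked offline against an access log. The following is an added example, not code from the page or from the platform; it assumes the web server writes the "combined" log format and that the authenticated principal is written to the remote-user field (if the platform uses session cookies only, that field stays "-" for everyone and the check must be correlated with application logs instead). The log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2025:10:01:02 +0000] "GET /usercoupon/queryAll?page=1 HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Sep/2025:10:01:03 +0000] "GET /usercoupon/queryAll?page=2 HTTP/1.1" 200 5098 "-" "curl/8.4.0"
203.0.113.7 - - [10/Sep/2025:10:01:04 +0000] "GET /usercoupon/queryAll?page=3 HTTP/1.1" 200 5101 "-" "curl/8.4.0"
198.51.100.4 - admin [10/Sep/2025:10:02:10 +0000] "GET /usercoupon/queryAll?page=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Sep/2025:10:03:00 +0000] "GET /usercoupon/queryAll HTTP/1.1" 401 0 "-" "python-requests/2.32"
192.0.2.10 - - [10/Sep/2025:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# ip, ident, remote-user, timestamp, request line, status, size (referer/UA ignored)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TARGET = "/usercoupon/queryAll"  # the vulnerable endpoint named in the advisory


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string before matching
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious(log_text, burst_threshold=3):
    """Return (findings, bursts): findings are (ip, reason) tuples for hits on the
    endpoint that either succeeded without an authenticated user or were rejected;
    bursts maps each IP that hit the endpoint at least burst_threshold times."""
    findings = []
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET:
            continue
        hits[rec["ip"]] += 1
        if rec["status"] == 200 and rec["user"] == "-":
            findings.append((rec["ip"], "200 without authenticated user"))
        elif rec["status"] in (401, 403):
            findings.append((rec["ip"], f"rejected ({rec['status']})"))
    bursts = {ip: n for ip, n in hits.items() if n >= burst_threshold}
    return findings, bursts
```

After the fix is deployed, the same scan should show only "rejected" findings for unauthenticated callers; a 200 with remote-user "-" after patching means the fix is not effective on that path.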

🔗 References
