CVE-2025-10820 – This vulnerability in the fuyang

Q: What is the severity of CVE-2025-10820?

CVE-2025-10820 has a CVSS score of 4.3 (MEDIUM). This vulnerability in the fuyang_lipengjun platform 1.0 allows unauthorized access to the TopicController's queryAll function, enabling attackers to retrieve topic data without proper authentication. The vulnerability affects all systems running the vulnerable version of this platform. Remote exploitation is possible, making internet-facing deployments particularly at risk.

📋 TL;DR

This vulnerability in the fuyang_lipengjun platform 1.0 allows unauthorized access to the TopicController's queryAll function, enabling attackers to retrieve topic data without proper authentication. The vulnerability affects all systems running the vulnerable version of this platform. Remote exploitation is possible, making internet-facing deployments particularly at risk.

💻 Affected Systems

Products:

fuyang_lipengjun platform

Versions: 1.0

Operating Systems: Any OS running the platform

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 1.0 are vulnerable by default. The vulnerability is in the core platform code.

📦 What is this software?

Platform by Fuyang Lipengjun

View all CVEs affecting Platform →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive topic data, potentially including confidential information or user data, leading to data breaches or information disclosure.

🟠

Likely Case

Unauthorized users can view topic content they shouldn't have access to, potentially exposing internal discussions or sensitive information.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to unauthorized data viewing within the application's topic functionality.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details exist, making internet-facing deployments immediate targets.

🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to access unauthorized topic data.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

The exploit is publicly documented and appears to be straightforward to execute based on available information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

Check the platform's official repository or contact the maintainer for security updates. Consider upgrading to a newer version if available.

🔧 Temporary Workarounds

Implement Access Control Middleware

all

Add authentication and authorization checks before the TopicController queryAll function executes

Implement middleware that validates user permissions before allowing access to /topic/queryAll endpoint

Network Access Restrictions

all

Restrict access to the vulnerable endpoint using network controls

Configure firewall rules to limit access to /topic/queryAll endpoint to authorized users only

🧯 If You Can't Patch

Implement Web Application Firewall (WAF) rules to block unauthorized access to /topic/queryAll endpoint
Monitor access logs for unauthorized requests to the vulnerable endpoint and implement alerting

🔍 How to Verify

Check if Vulnerable:

Test if unauthenticated or unauthorized users can access the /topic/queryAll endpoint and retrieve topic data

Check Version:

Check platform documentation or configuration files for version information

Verify Fix Applied:

Verify that proper authentication and authorization checks are in place before the TopicController queryAll function executes

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to /topic/queryAll endpoint
Multiple failed authentication attempts followed by successful topic queries

Network Indicators:

Unusual traffic patterns to /topic/queryAll endpoint from unexpected sources

SIEM Query:

source_ip NOT IN authorized_ips AND request_path = "/topic/queryAll" AND response_code = 200

📊 Metadata

CVE ID: CVE-2025-10820

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-266

EPSS Score: 0.04% exploit probability (12.7th percentile)

Published: September 22, 2025

Last Updated: October 3, 2025

🔗 References

https://vuldb.com/?ctiid.325177 Permissions Required,VDB Entry
https://vuldb.com/?id.325177 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.653741 Third Party Advisory,VDB Entry
https://www.cnblogs.com/aibot/p/19063465 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10820, you might also want to check these: