CVE-2025-10821

4.3 MEDIUM

📋 TL;DR

This vulnerability allows unauthorized access to topic category data in fuyang_lipengjun platform 1.0 due to improper authorization in the TopicCategoryController. Attackers can remotely exploit this flaw to access sensitive information they shouldn't have permission to view. All users running the vulnerable version are affected.

💻 Affected Systems

Products:
  • fuyang_lipengjun platform
Versions: 1.0
Operating Systems: All platforms running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of version 1.0

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain unauthorized access to all topic category data, potentially exposing sensitive organizational information or user data stored in these categories.

🟠 Likely Case

Unauthorized users access topic category information they shouldn't see, potentially revealing internal organizational structures or sensitive categorization data.

🟢 If Mitigated

With proper authorization controls, only authenticated users with appropriate permissions can access topic category data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

An exploit has been published and may be used, according to the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check vendor for updated version

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check with vendor for patched version
2. Apply available patches
3. Verify authorization controls are properly implemented

🔧 Temporary Workarounds

Implement proper authorization middleware

Platform: all

  • Add authorization checks before the TopicCategoryController queryAll function executes
  • Implement role-based access control for the /topiccategory/queryAll endpoint

Restrict network access

Platform: all

  • Limit access to the vulnerable endpoint to authorized users only
  • Configure firewall rules to restrict access to /topiccategory/queryAll

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system
  • Deploy web application firewall with rules to detect and block unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Test if unauthorized users can access /topiccategory/queryAll endpoint without proper permissions

Check Version:

Check platform version in admin panel or configuration files

Verify Fix Applied:

Verify that only authorized users with proper permissions can access the topic category data

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /topiccategory/queryAll
  • Multiple failed authorization attempts followed by successful access

Network Indicators:

  • Unusual traffic patterns to /topiccategory/queryAll endpoint
  • Access from unauthorized IP addresses

SIEM Query:

source_ip NOT IN authorized_ips AND uri_path="/topiccategory/queryAll"
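
The log indicators and SIEM query above, written out as an added example (not code from the advisory or from the platform): it flags requests to /topiccategory/queryAll from sources outside an allowlist and denied requests followed by a success from the same source. The combined access-log format, the allowlist range, treating 401/403 as failed authorization, the threshold of two, and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: web/proxy access logs in common/combined log format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')
ENDPOINT = "/topiccategory/queryAll"  # path named in the advisory
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # placeholder allowlist
DENIED = {401, 403}       # assumption: how failed authorization is logged
DENIED_THRESHOLD = 2      # assumption: "multiple" failed attempts

def is_authorized(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:    # hostname or garbage in the client field
        return False
    return any(addr in net for net in AUTHORIZED_NETS)

def scan(lines):
    """Return (line_number, source_ip, reason) for each suspicious request."""
    findings, denied = [], defaultdict(int)
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop query string and ;path parameters; allow a context-path prefix.
        path = re.split(r"[?;]", m["target"], maxsplit=1)[0].rstrip("/")
        if not path.endswith(ENDPOINT):
            continue
        ip, status = m["ip"], int(m["status"])
        if not is_authorized(ip):
            findings.append((n, ip, "unlisted-source"))
        if status in DENIED:
            denied[ip] += 1
        elif 200 <= status < 300:
            if denied[ip] >= DENIED_THRESHOLD:
                findings.append((n, ip, "denied-then-success"))
            denied[ip] = 0
    return findings

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2025:10:00:00 +0000] "GET /topiccategory/queryAll HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /topiccategory/queryAll?page=1 HTTP/1.1" 403 0',
    '198.51.100.7 - - [01/Jan/2025:10:01:05 +0000] "GET /topiccategory/queryAll?page=1 HTTP/1.1" 401 0',
    '198.51.100.7 - - [01/Jan/2025:10:01:09 +0000] "GET /topiccategory/queryAll?page=1 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```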
