CVE-2025-2089

5.4 MEDIUM

📋 TL;DR

This vulnerability in StarSea99 starsea-mall allows attackers to bypass access controls and modify user information by manipulating the userId parameter in the updateUserInfo function. It affects versions 1.0 and 2.X of the software, enabling remote attackers to potentially compromise user accounts. The exploit is publicly disclosed and can be launched remotely.

💻 Affected Systems

Products:
  • StarSea99 starsea-mall
Versions: 1.0 and 2.X
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the personal/updateInfo endpoint in the UserController component.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Attackers could modify any user's profile information, potentially escalating privileges, stealing sensitive data, or taking over accounts.

🟠 Likely Case
Unauthorized modification of user profiles, potentially leading to account compromise or data leakage.

🟢 If Mitigated
With proper access controls, only authorized users could modify their own information, limiting impact to individual accounts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit involves manipulating the userId parameter; it requires some authentication but bypasses authorization checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider workarounds.

🔧 Temporary Workarounds

Implement Proper Authorization Checks (applies to: all)

  • Add server-side validation to ensure users can only modify their own information
  • Modify UserController.java to validate that the current user ID matches the userId parameter
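The check described above, as an added Spring MVC example that is not starsea-mall's own code; the UserService interface, the loginUserId session attribute and the nickName field are assumptions:

```java
// Added example (not the project's code): the IDOR pattern beside a hardened handler.
// Assumed names: UserService, the "loginUserId" session attribute, the nickName field.
import jakarta.servlet.http.HttpSession;          // javax.servlet.http on Spring 5 / Boot 2
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class UserController {
    private static final Logger log = LoggerFactory.getLogger(UserController.class);
    private static final String LOGIN_USER_ID = "loginUserId"; // assumed session key

    /** Minimal persistence abstraction; the real service layer is out of scope here. */
    public interface UserService { void updateNickName(long userId, String nickName); }

    private final UserService userService;
    public UserController(UserService userService) { this.userService = userService; }

    // BEFORE (illustration only, deliberately left unmapped): the target row is taken from
    // the request, so any logged-in user can update any account by changing userId.
    public String updateUserInfoBefore(long userId, String nickName) {
        userService.updateNickName(userId, nickName);
        return "ok";
    }

    // AFTER: the subject of the update is the authenticated user from the server-side session.
    // A client-supplied userId is accepted only when it equals that user; a mismatch is rejected
    // and logged, which is also the "user ID mismatch" signal worth forwarding to a SIEM.
    @PostMapping("/personal/updateInfo")
    public String updateUserInfo(@RequestParam(required = false) Long userId,
                                 @RequestParam String nickName, HttpSession session) {
        Long loginUserId = (Long) session.getAttribute(LOGIN_USER_ID);
        if (loginUserId == null) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "login required");
        }
        if (userId != null && !userId.equals(loginUserId)) {
            log.warn("updateInfo userId mismatch: session={} requested={}", loginUserId, userId);
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "cannot modify another user");
        }
        userService.updateNickName(loginUserId, nickName);  // never the request-supplied value
        return "ok";
    }
}
```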

Web Application Firewall Rules (applies to: all)

  • Block suspicious requests to the /personal/updateInfo endpoint
  • Configure the WAF to detect and block userId parameter manipulation

🧯 If You Can't Patch

  • Isolate the application behind additional authentication layers
  • Implement rate limiting and monitoring on the /personal/updateInfo endpoint

🔍 How to Verify

Check if Vulnerable:

Test whether you can modify another user's information by changing the userId parameter in updateInfo requests

Check Version:

Check application version in configuration files or admin panel

Verify Fix Applied:

Verify that users can only modify their own information regardless of userId parameter manipulation

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts on /personal/updateInfo
  • User ID mismatch in update requests

Network Indicators:

  • Unusual patterns of requests to /personal/updateInfo endpoint

SIEM Query (pseudo-syntax; adapt to your platform's query language):

source="/personal/updateInfo" AND (userId != current_user_id)
