CVE-2025-3305

4.3 MEDIUM

📋 TL;DR

CVE-2025-3305 is an improper access control vulnerability in IKUN_Library 1.0 that allows remote attackers to bypass authorization checks in the Borrow Handler component. This affects systems running the vulnerable version of this library software. Attackers could potentially manipulate borrowing operations without proper authentication.

💻 Affected Systems

Products:
  • 1902756969/code-projects IKUN_Library
Versions: 1.0
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the MvcConfig.java file in the Borrow Handler component. Requires the application to be deployed and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Unauthorized users could manipulate library borrowing records, create fraudulent transactions, or potentially escalate privileges to administrative functions.

🟠 Likely Case
Attackers could bypass borrowing restrictions, manipulate book availability status, or perform unauthorized borrowing operations.

🟢 If Mitigated
With proper authentication and authorization controls, impact would be limited to failed exploitation attempts logged in system logs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. Remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider implementing custom fixes or workarounds.

🔧 Temporary Workarounds

Implement proper authorization checks
Platform: all

Manually add proper authentication and authorization checks in the addInterceptors function of MvcConfig.java.

Manual code modification required - no commands available.
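As an added illustration of what that code modification looks like (this is example code written for this page, not IKUN_Library's own source), the following Spring MVC configuration registers a HandlerInterceptor from addInterceptors so that borrow-handler routes refuse requests that have no authenticated session. The path pattern "/borrow/**", the excluded paths, the session attribute name "user", the role names and the SessionUser class are all assumptions; map them onto the application's real routes and session model before use.

```java
// Added example, not code from the IKUN_Library project. Assumed: Spring MVC with
// servlet sessions; on Spring 6 / Spring Boot 3 the javax.servlet imports become
// jakarta.servlet. Path patterns, attribute and role names are placeholders.
package com.example.config; // assumed package name

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Every borrow-handler route passes through the check; the login page and
        // static assets are excluded so that users can still authenticate.
        registry.addInterceptor(new BorrowAuthInterceptor())
                .addPathPatterns("/borrow/**")          // assumed route prefix
                .excludePathPatterns("/login", "/static/**");
    }

    /** Rejects borrow requests that lack an authenticated, authorized session. */
    static class BorrowAuthInterceptor implements HandlerInterceptor {
        // Roles permitted to perform borrowing operations (assumed names).
        private static final Set<String> ALLOWED_ROLES = Set.of("user", "admin");

        @Override
        public boolean preHandle(HttpServletRequest request,
                                 HttpServletResponse response,
                                 Object handler) throws Exception {
            // getSession(false) never creates a session for an anonymous caller.
            HttpSession session = request.getSession(false);
            Object user = (session == null) ? null : session.getAttribute("user");

            if (!(user instanceof SessionUser)) {
                // Authentication check: no logged-in user bound to this session.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "login required");
                return false;
            }
            if (!ALLOWED_ROLES.contains(((SessionUser) user).role)) {
                // Authorization check: logged in, but not allowed to borrow.
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "borrow not permitted");
                return false;
            }
            return true; // authenticated and authorized: let the handler run
        }
    }

    /** Assumed shape of the object the login flow stores in the session. */
    static final class SessionUser {
        final String name;
        final String role;

        SessionUser(String name, String role) {
            this.name = name;
            this.role = role;
        }
    }
}
```

The interceptor denies by default: a missing session, a session without a user object, or a user outside the allowed roles all stop the request before the borrow handler executes, which is the behaviour the "Verify Fix Applied" step should confirm.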

Network access restriction
Platform: linux

Restrict network access to the application to trusted IP ranges only.

# allow the application port from the trusted range, then drop everything else
iptables -A INPUT -p tcp --dport [APP_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [APP_PORT] -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system
  • Deploy a web application firewall (WAF) with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the deployment runs IKUN_Library version 1.0, then examine MvcConfig.java for missing authorization checks in the addInterceptors function.

Check Version:

Check application configuration or build files for version information

Verify Fix Applied:

Verify that proper authentication and authorization checks are implemented in the addInterceptors function

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to borrowing functions
  • Failed authentication attempts followed by successful borrowing operations

Network Indicators:

  • HTTP requests to borrowing endpoints without proper authentication headers
  • Unusual borrowing patterns from unexpected IP addresses

SIEM Query:

source="application.logs" AND ("Borrow Handler" OR "addInterceptors") AND (status="200" OR status="success") AND (user="anonymous" AND NOT auth="true")
