CVE-2025-3790

5.3 MEDIUM

📋 TL;DR

CVE-2025-3790, scored 5.3 (Medium), is an improper access control flaw in baseweb JSite 1.0: the Druid Monitoring Console is reachable at /druid/index.html without authentication. That path is the one served by Alibaba Druid's StatViewServlet, the database connection-pool monitor that JSite embeds (not the Apache Druid analytics database). An unauthenticated remote attacker who can reach the web application can read what the console exposes: executed SQL statements and their statistics, data-source configuration such as JDBC URLs and database user names, and URI and session statistics. Organizations running baseweb JSite 1.0 with the console enabled are affected.

💻 Affected Systems

Products:
  • baseweb JSite (Druid Monitoring Console component)
Versions: 1.0
Operating Systems: All platforms running baseweb JSite
Default Config Vulnerable: ⚠️ Yes
Notes: The console is served at /druid/index.html by Alibaba Druid's StatViewServlet, which JSite embeds for its database connection pool; the Apache Druid analytics database is not involved. Every page and JSON endpoint under /druid/ belongs to the same servlet.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker harvests the executed SQL (which can carry literal values), the JDBC URLs and database user names from the data-source view, and the session identifiers the console lists, then uses them to hijack application sessions or target the database directly; from there, lateral movement to systems that trust the database host.

🟠

Likely Case

An unauthenticated attacker reads the monitoring data (SQL statistics, data-source configuration, URI and session statistics) and uses it to map the application and its database. This is a reconnaissance gain; the report does not show code execution or privilege escalation within JSite itself.

🟢

If Mitigated

With the whole /druid/ path blocked at the web server or WAF, or the console placed behind authentication or an IP allowlist, the endpoint is unreachable from outside and the remaining exposure is limited to whoever can already reach the console.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but may have additional network controls reducing exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation amounts to an unauthenticated HTTP GET to /druid/index.html (or to the JSON endpoints under /druid/). The details are public, so weaponization requires no skill beyond reading the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is known at the time of writing. Check the baseweb JSite project for a release that secures or removes the console; until then, apply the workarounds below.

🔧 Temporary Workarounds

Restrict Access to the /druid/ Console

Platform: all

Block the whole /druid/ path at the web server or network layer, not only /druid/index.html: the same servlet serves sql.json, datasource.json and the other monitor pages under that prefix, so denying index.html alone leaves the data readable. Reload the web server after the change.

# Apache httpd 2.4 (Location matches /druid and everything below it)
<Location "/druid">
    Require all denied
</Location>

# Nginx (regex so that /druid and /druid/... are both denied)
location ~ ^/druid(/|$) {
    deny all;
}

Implement Authentication

Platform: all

Put the console behind authentication at the reverse proxy, covering everything under /druid. Because JSite exposes the console through Alibaba Druid's StatViewServlet, the servlet's own loginUsername/loginPassword and allow/deny init parameters are an alternative, and disabling the servlet entirely removes the exposure at the source. Serve the site over HTTPS; basic auth otherwise sends credentials in the clear.

# Apache httpd 2.4: basic auth for the whole console
<Location "/druid">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
</Location>

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system from critical assets
  • Deploy a web application firewall (WAF) with a rule that blocks every request whose path starts with /druid/ (and /druid itself) from anything but an administrator allowlist

🔍 How to Verify

Check if Vulnerable:

Request http://[target]/druid/index.html without credentials. A 200 response carrying the Druid statistics page means the console is exposed; a redirect to /druid/login.html means Druid's own login is enabled, and a 401, 403 or 404 means it is blocked or not deployed. Check the JSON endpoints under /druid/ as well (for example /druid/datasource.json), since a block that covers only index.html is incomplete.

Check Version:

JSite is a Java application, so the version is normally recorded in the project's Maven pom.xml (or whichever build manifest the installation uses) and in the project's release notes, not in package.json. Compare the installed release with 1.0.

Verify Fix Applied:

After implementing workarounds, confirm that every path under /druid/ is blocked or requires authentication, not only /druid/index.html, and that the check is repeated from outside the administrator allowlist.

📡 Detection & Monitoring

Log Indicators:

  • Requests to any path under /druid/ (or to /druid itself) from IPs outside the administrator allowlist
  • 2xx responses to those requests, meaning the console was served without authentication
  • Runs of requests for /druid/sql.json, /druid/datasource.json or /druid/websession.json, which pull the data without loading the UI

Network Indicators:

  • HTTP requests to /druid/ from unexpected source IPs, especially from the internet
  • Scanner user-agents or sequential probing of common monitoring paths in the same session

SIEM Query (Splunk-style; adjust field names to your log source):

source="web_server_logs" uri="/druid/*" response_code>=200 response_code<300 NOT src_ip IN ("<admin allowlist>")
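The same detection run over access-log lines, as an added example that is not part of the original page or the JSite project. The log lines are constructed, and the administrator allowlist (10.0.0.0/8) is an assumption; the parser expects Apache/Nginx combined log format.

```python
"""Flag reads of the Druid monitoring console in web-server access logs.

Added example, not code from the JSite project or the CVE report. The sample
log lines are constructed and the admin allowlist is an assumption.
"""
import re
from ipaddress import ip_address, ip_network

# Combined log format up to the status and size fields
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed allowlist: networks whose operators are expected to use the console
ADMIN_NETS = [ip_network("10.0.0.0/8")]


def is_console_path(uri):
    """True for the console root and anything the StatViewServlet serves under it."""
    path = uri.split("?", 1)[0]
    return path == "/druid" or path.startswith("/druid/")


def is_allowed(ip, nets=ADMIN_NETS):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def find_console_access(lines, nets=ADMIN_NETS):
    """Return one alert per console request from outside the allowlist.

    kind is "served" when the server answered 2xx (data left the box) and
    "probe" for anything else (blocked, redirected to login, missing).
    """
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_console_path(m["uri"]):
            continue
        if is_allowed(m["ip"], nets):
            continue
        status = int(m["status"])
        alerts.append({
            "ip": m["ip"], "time": m["ts"], "uri": m["uri"], "status": status,
            "kind": "served" if 200 <= status < 300 else "probe",
        })
    return alerts


def summarize(lines, nets=ADMIN_NETS):
    """Count served vs. probe events, the two things a SIEM rule should alert on."""
    alerts = find_console_access(lines, nets)
    return {
        "served": sum(1 for a in alerts if a["kind"] == "served"),
        "probes": sum(1 for a in alerts if a["kind"] == "probe"),
    }


# Constructed sample log lines (not from a real deployment)
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Apr/2025:10:01:02 +0000] "GET /druid/index.html HTTP/1.1" 200 5321 "-" "curl/8.4.0"',
    '203.0.113.7 - - [15/Apr/2025:10:01:03 +0000] "GET /druid/sql.json HTTP/1.1" 200 1840 "-" "curl/8.4.0"',
    '10.1.2.3 - - [15/Apr/2025:10:05:00 +0000] "GET /druid/index.html HTTP/1.1" 200 5321 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Apr/2025:11:00:00 +0000] "GET /druid/index.html HTTP/1.1" 403 199 "-" "python-requests/2.31"',
    '203.0.113.7 - - [15/Apr/2025:11:02:10 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "curl/8.4.0"',
    '203.0.113.7 - - [15/Apr/2025:11:02:11 +0000] "GET /druid/ HTTP/1.1" 302 0 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    for alert in find_console_access(SAMPLE_LOG):
        print(alert)
    print(summarize(SAMPLE_LOG))
```

On the sample, the two 200 responses to 203.0.113.7 are "served" events (the console data was read before any block was in place), the 403 and the 302 are probes, and the administrator read from 10.1.2.3 is ignored. A "served" alert after the workarounds are deployed means the block or authentication rule does not cover that path.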
