CVE-2025-8525

5.3 MEDIUM

📋 TL;DR

This vulnerability in Exrick xboot allows remote attackers to access sensitive information through Spring Boot Admin/Spring Actuator endpoints. It affects all systems running Exrick xboot versions up to 3.3.4. The information disclosure could expose configuration details, environment variables, or other sensitive data.

💻 Affected Systems

Products:
  • Exrick xboot
Versions: up to 3.3.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Spring Boot Admin and Spring Actuator components; default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain sensitive credentials, API keys, or configuration secrets leading to further system compromise.

🟠 Likely Case

Exposure of internal system information, configuration details, or environment variables that could aid attackers in reconnaissance.

🟢 If Mitigated

Limited exposure of non-critical information with proper access controls and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available; remote unauthenticated access to information endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.5 or later

Vendor Advisory: https://github.com/Exrick/xboot/issues/72

Restart Required: Yes

Instructions:

1. Check current version.
2. Update to xboot 3.3.5+.
3. Restart the application.
4. Verify endpoints are secured.

🔧 Temporary Workarounds

Disable or Secure Actuator Endpoints

Applies to: all

Restrict access to Spring Boot Actuator endpoints via authentication or network controls. The properties below limit the web-exposed endpoints to health and info and suppress health details:

management.endpoints.web.exposure.include=health,info
management.endpoint.health.show-details=never

Network Segmentation

Applies to: all

Restrict network access to actuator endpoints using firewalls or security groups.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure.
  • Add authentication/authorization to all actuator endpoints.

🔍 How to Verify

Check if Vulnerable:

Check if xboot version is ≤3.3.4 and actuator endpoints are accessible without authentication.

Check Version:

Check application.properties or build.gradle for xboot version.

Verify Fix Applied:

Verify version is ≥3.3.5 and actuator endpoints require authentication or return 403/404.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to /actuator/* endpoints
  • Multiple 200 responses from actuator paths

Network Indicators:

  • Unusual traffic to actuator endpoints from external IPs

SIEM Query:

source_ip=external AND uri_path CONTAINS '/actuator/' AND response_code=200
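As an added example, not part of the advisory, the Python script below applies the SIEM query's logic (external source address, request path under /actuator/, HTTP 200) to access-log lines. The sample log lines, the internal address ranges and the function names are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.1.15 - - [10/Aug/2025:12:00:01 +0000] "GET /actuator/health HTTP/1.1" 200 15
203.0.113.7 - - [10/Aug/2025:12:00:05 +0000] "GET /actuator/env HTTP/1.1" 200 4821
203.0.113.7 - - [10/Aug/2025:12:00:06 +0000] "GET /actuator/configprops HTTP/1.1" 200 9920
203.0.113.7 - - [10/Aug/2025:12:00:07 +0000] "GET /actuator/info HTTP/1.1" 200 88
198.51.100.9 - - [10/Aug/2025:12:01:00 +0000] "GET /actuator/env HTTP/1.1" 403 0
192.168.4.2 - - [10/Aug/2025:12:02:00 +0000] "GET /api/login HTTP/1.1" 200 311
198.51.100.9 - - [10/Aug/2025:12:03:00 +0000] "GET /actuator HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed "internal" ranges: RFC 1918, loopback and link-local. Adjust to your estate.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_external(ip: str) -> bool:
    """True unless the address falls in one of the INTERNAL_NETS ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable source field: treat as untrusted
    return not any(addr in net for net in INTERNAL_NETS)

def is_actuator_path(path: str) -> bool:
    """Match /actuator itself and anything below it, ignoring any query string."""
    p = path.split("?", 1)[0]
    return p == "/actuator" or p.startswith("/actuator/")

def find_actuator_exposure(log_text: str):
    """Return (hits, per_ip): successful external requests to actuator paths."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if status == 200 and is_actuator_path(path) and is_external(ip):
            hits.append((ip, path.split("?", 1)[0], status))
    return hits, Counter(ip for ip, _, _ in hits)

if __name__ == "__main__":
    hits, per_ip = find_actuator_exposure(SAMPLE_LOG)
    for ip, path, status in hits:
        print(f"ALERT {ip} -> {path} ({status})")
    for ip, n in per_ip.items():
        if n > 1:
            print(f"Repeated actuator access from {ip}: {n} successful requests")
```

Against the sample, the internal health probe and the 403 response are ignored, while the four external 200 responses are flagged and 203.0.113.7 stands out as a repeat source.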
