CVE-2025-9310

5.3 MEDIUM

📋 TL;DR

This vulnerability exposes hard-coded credentials in the Druid component of yeqifu carRental software, allowing attackers to gain unauthorized access to the system. The vulnerability affects all versions up to commit 3fabb7eae93d209426638863980301d6f99866b3, and can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • yeqifu carRental
Versions: All versions up to commit 3fabb7eae93d209426638863980301d6f99866b3
Operating Systems: Any OS running the carRental application
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Druid component specifically at /carRental_war/druid/login.html. The product uses rolling releases, so specific version numbers are not available.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to the Druid monitoring interface, potentially compromising the entire carRental application and accessing sensitive data.

🟠

Likely Case

Unauthorized access to Druid monitoring dashboard, allowing attackers to view system metrics, execute SQL queries, and potentially escalate privileges.

🟢

If Mitigated

Limited impact if Druid interface is properly firewalled and access controls are implemented, though credentials remain exposed in code.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely and the exploit has been publicly disclosed.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the vulnerable endpoint.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed on GitHub and vuldb.com. Attackers can use hard-coded credentials to bypass authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - product uses rolling releases

Vendor Advisory: None found

Restart Required: No

Instructions:

Update to the latest version after commit 3fabb7eae93d209426638863980301d6f99866b3. Check the project repository for security updates.

🔧 Temporary Workarounds

Restrict access to Druid endpoint

Linux

Block external access to /carRental_war/druid/ using firewall rules or web server configuration. Note that the iptables rule below matches the path string in the raw TCP payload, so it only covers plaintext HTTP on port 8080 and does not see TLS traffic; a path-based deny rule in the web server or reverse proxy is the more reliable option.

iptables -A INPUT -p tcp --dport 8080 -m string --string "/carRental_war/druid/" --algo bm -j DROP

Change Druid credentials

All platforms

Modify the hard-coded credentials in the Druid configuration files

Edit druid.properties or similar configuration files to replace default credentials

🧯 If You Can't Patch

  • Implement network segmentation to isolate the carRental application from untrusted networks
  • Deploy a web application firewall (WAF) with rules to block access to the Druid endpoint

🔍 How to Verify

Check if Vulnerable:

Attempt to access /carRental_war/druid/login.html and check if default credentials work. Review the commit hash in your deployment.

Check Version:

Check git log for commit history: git log --oneline | head -20

Verify Fix Applied:

Verify that the Druid login page requires proper authentication and that hard-coded credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts to Druid endpoint
  • Successful logins from unexpected IP addresses to /carRental_war/druid/

Network Indicators:

  • HTTP requests to /carRental_war/druid/login.html from external IPs
  • Multiple authentication attempts to Druid endpoint

SIEM Query:

source="web_server" AND (uri="/carRental_war/druid/login.html" OR uri="/carRental_war/druid/")

🔗 References
