CVE-2025-3398

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Lenve VBlog versions up to 1.0.0

Description: A critical issue was found, affecting the configure function of the WebSecurityConfig.java file. This leads to improper access controls, allowing remote attacks. The issue has been publicly disclosed and may be exploited.

Recommendations: For versions up to 1.0.0, as a temporary workaround, consider restricting access to the configure function of the WebSecurityConfig.java file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

CVE-2025-3398

Affected Products

Lenve Vblog

CVE-2025-3398

Weakness Enumeration

Related Identifiers

Affected Products

References · 9