PT-2025-16237 · Veal98 · Veal98

Caigo · Published 2025-04-14 · Updated 2025-04-14 · CVE-2025-3567

CVSS v2.0: 4.0 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: veal98 小牛肉 Echo open-source community system version 4.2
Description: A vulnerability was found in the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely.
Recommendations: For version 4.2, consider disabling the preHandle function of the LoginTicketInterceptor until a patch is available. Restrict access to the LoginTicketInterceptor component to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Improper Authorization, Incorrect Privilege Assignment

Related Identifiers: CVE-2025-3567

Affected Products: Veal98