PT-2025-29397 · Dromara · Dromara Northstar

张淇伊

Published

2025-07-13

Updated

2025-07-14

CVE-2025-7552

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Dromara Northstar versions through 7.3.5

Description: A critical issue exists in Dromara Northstar related to improper access controls. The preHandle function within the Path Handler component, specifically in the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java, is susceptible to manipulation via the Request argument. This allows for unauthorized access and can be exploited remotely.

Recommendations: Upgrade to version 7.3.6 to address this issue.

Exploit

Fix

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

CVE-2025-7552

Affected Products

Dromara Northstar

PT-2025-29397 · Dromara · Dromara Northstar

CVE-2025-7552

Weakness Enumeration

Related Identifiers

Affected Products

References · 10