CVE-2025-50900

Name of the Vulnerable Software and Affected Versions: getrebuild/rebuild version 4.0.4

Description: An issue exists in the com.rebuild.web.RebuildWebInterceptor class, specifically within the preHandle function. The code uses CodecUtils.urlDecode(request.getRequestURI()) to decode the request path and checks if it ends with /error. If it does, the interceptor is skipped, otherwise, a redirect to the /user/login API endpoint occurs. This allows unauthenticated attackers to potentially gain sensitive information or escalate privileges.

Recommendations: For getrebuild/rebuild version 4.0.4, ensure proper authentication checks are implemented before allowing access to any resources or redirecting to the /user/login API endpoint.