ketr JEPaaS load improper authorization_CVE-2025-14088

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-14088

Source VulDB

Published Dec 5, 2025 at 14:32

Modified Dec 5, 2025 at 16:47

Affected Product

Vendor ketr

Product JEPaaS

Version 7.2.0

Affected Versions ketr JEPaaS 7.2.0
ketr JEPaaS 7.2.1
ketr JEPaaS 7.2.2
ketr JEPaaS 7.2.3
ketr JEPaaS 7.2.4
ketr JEPaaS 7.2.5
ketr JEPaaS 7.2.6
ketr JEPaaS 7.2.7
ketr JEPaaS 7.2.8

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-12-05T14:32:07.388Z",
    "modified": "2025-12-05T16:47:50.244Z",
    "type": "cve",
    "title": "ketr JEPaaS load improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334478\nhttps://vuldb.com/?ctiid.334478\nhttps://vuldb.com/?submit.695316\nhttps://github.com/zhangbuneng/The-Jepaas-platform-has-a-vertical-privilege-escalation-vulnerability./issues/1",
    "id": "CVE-2025-14088",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "ketr JEPaaS 7.2.0\nketr JEPaaS 7.2.1\nketr JEPaaS 7.2.2\nketr JEPaaS 7.2.3\nketr JEPaaS 7.2.4\nketr JEPaaS 7.2.5\nketr JEPaaS 7.2.6\nketr JEPaaS 7.2.7\nketr JEPaaS 7.2.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JEPaaS",
    "version": "7.2.0",
    "vendor": "ketr",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}