CVE-2025-4328: fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
Description
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java of the component HTTP Header Handler. The manipulation of the argument Referer leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. In fp2952 spring-cloud-base bis 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion sendBack der Datei /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java der Komponente HTTP Header Handler. Dank Manipulation des Arguments Referer mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar.
Classification
CVE ID: CVE-2025-4328
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.1
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Problem Types
Open RedirectAffected Products
Vendor: fp2952
Product: spring-cloud-base
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 5.34% (scored less or equal to compared to others)
EPSS Date: 2025-06-04 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4328https://vuldb.com/?id.307429
https://vuldb.com/?ctiid.307429
https://vuldb.com/?submit.564161
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250423-01.md