Information disclosure via SysUserController in Kaifangqian Base
CVE-2025-11406 Published on October 7, 2025
kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure
A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-11406 has been classified to as an Information Disclosure vulnerability or weakness.
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-11406 has been classified to as an Authorization vulnerability or weakness.
Affected Versions
kaifangqian-base Version 7b3faecda13848b3ced6c17c7423b76c5b47b8ab is affected by CVE-2025-11406Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.