Unauthorized Access via Ticket Handler in Veal98 Echo 4.2
CVE-2025-3567 Published on April 14, 2025

veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization
A vulnerability, which was classified as problematic, was found in veal98 ??? Echo ?????? 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

NVD

Timeline

VulDB entry created

Advisory disclosed 1 day later.

VulDB entry last update

Weakness Types

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2025-3567 has been classified to as an AuthZ vulnerability or weakness.

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.


Affected Versions

veal98 小牛肉 Echo 开源社区系统 Version 4.2 is affected by CVE-2025-3567

Exploit Probability

EPSS
0.26%
Percentile
49.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.