Apache Druid Monitoring Console 1.0 IMP Access Control (CVE-2025-3790)
CVE-2025-3790 Published on April 18, 2025
baseweb JSite Apache Druid Monitoring Console index.html access control
A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-3790 has been classified to as an Authorization vulnerability or weakness.
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2025-3790
Want to know whenever a new CVE is published for Apache Druid? stack.watch will email you.
Affected Versions
baseweb JSite Version 1.0 is affected by CVE-2025-3790Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.