CVE-2025-2320
published 2025-03-14CVE-2025-2320: A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.64%
46.0th percentile
A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 274056675 | springboot-openai-chatgpt | — | — |
| 274056675 | springboot-openai-chatgpt | — | — |
| linux | linux_kernel | >= 3.16.0 < 5.4.302 | 5.4.302 |
| linux | linux_kernel | >= 5.11.0 < 5.15.197 | 5.15.197 |
| linux | linux_kernel | >= 5.16.0 < 6.1.159 | 6.1.159 |
| linux | linux_kernel | >= 5.5.0 < 5.10.247 | 5.10.247 |
| linux | linux_kernel | >= 6.13.0 < 6.17.9 | 6.17.9 |
| linux | linux_kernel | >= 6.2.0 < 6.6.117 | 6.6.117 |
| linux | linux_kernel | >= 6.7.0 < 6.12.59 | 6.12.59 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat4.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
osv·2025-12-06
CVE-2025-40281 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
In the Linux kernel, the following vulnerability has been resolved:
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
syzbot reported a possible shift-out-of-bounds [1]
Blamed commit added rto_alpha_max and rto_beta_max set to 1000.
It is unclear if some sctp users are setting very large rto_alpha
and/or rto_beta.
In order to prevent user regression, perform the test at run time.
Also add READ_ONCE() annotations as sysctl values can change under us.
[1]
UBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41
shift exponent 64 is too large for 32-bit type 'unsigned int'
CPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute E
GHSA
GHSA-h765-x6xw-q46w: A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical
ghsa_unreviewed·2025-03-15
CVE-2025-2320 [MEDIUM] CWE-266 GHSA-h765-x6xw-q46w: A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical
A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Red Hat
kernel: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
vendor_redhat·2025-12-06·CVSS 4.4
CVE-2025-40281 [MEDIUM] CWE-1335 kernel: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
kernel: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
In the Linux kernel, the following vulnerability has been resolved:
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
syzbot reported a possible shift-out-of-bounds [1]
Blamed commit added rto_alpha_max and rto_beta_max set to 1000.
It is unclear if some sctp users are setting very large rto_alpha
and/or rto_beta.
In order to prevent user regression, perform the test at run time.
Also add READ_ONCE() annotations as sysctl values can change under us.
[1]
UBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41
shift exponent 64 is too large for 32-bit type 'unsigned int'
CPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute E
No detection rules found.
No public exploits indexed.
2025-03-14
Published