cbcvebase.
CVE-2025-2320
published 2025-03-14

CVE-2025-2320: A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.64%
46.0th percentile
A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Affected

9 ranges
VendorProductVersion rangeFixed in
274056675springboot-openai-chatgpt
274056675springboot-openai-chatgpt
linuxlinux_kernel>= 3.16.0 < 5.4.3025.4.302
linuxlinux_kernel>= 5.11.0 < 5.15.1975.15.197
linuxlinux_kernel>= 5.16.0 < 6.1.1596.1.159
linuxlinux_kernel>= 5.5.0 < 5.10.2475.10.247
linuxlinux_kernel>= 6.13.0 < 6.17.96.17.9
linuxlinux_kernel>= 6.2.0 < 6.6.1176.6.117
linuxlinux_kernel>= 6.7.0 < 6.12.596.12.59

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat4.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.