CVE-2025-4542

11.05.2025, 18:15

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel  API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.1 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
VulDB	CNA	3.1 LOW				CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Common Weakness Enumeration

CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.

References

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250429-01.md

https://vuldb.com/?ctiid.308288

https://vuldb.com/?id.308288

https://vuldb.com/?submit.567214

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250429-01.md