CVE-2025-8756

Medium CVSS: 5.3

A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Tduckcloud

Product

Tduck-platform

CWE

CWE-266

Yayın Tarihi

2025-08-09 15:15:29

Güncelleme

2025-09-11 17:10:09

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Tduck-platform MEDIUM Tduckcloud 2025

Referanslar

https://github.com/TDuckCloud/tduck-platform/issues/28 https://github.com/TDuckCloud/tduck-platform/issues/28#issue-3269885235 https://vuldb.com/?ctiid.319261 https://vuldb.com/?id.319261 https://vuldb.com/?submit.624188 https://github.com/TDuckCloud/tduck-platform/issues/28

Benzer Kayıtlar

Critical

CVE-2025-57631

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file up…

Medium

CVE-2025-7888

A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function U…

Medium

CVE-2025-0558

A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the…