Access Control Vulnerability in JEPaaS by JEP Software
CVE-2025-10247

5.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-10247?

A security flaw has been identified in JEPaaS version 7.2.8, specifically within the doFilterInternal function of the Filter Handler component. The flaw results in improper access control, allowing attackers to manipulate access privileges. It can be exploited remotely, posing significant risks to sensitive data and application integrity. The vendor was notified early about this disclosure but has not responded to address this critical issue.

Affected Version(s)

JEPaaS 7.2.8

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

c3p0ooo_Yiqiyin (VulDB User)