Information Disclosure Vulnerability in Kaifangqian Base Affects User Data Management
CVE-2025-11406

5.3MEDIUM

Key Information:

Vendor

Kaifangqian

Status
Kaifangqian-base
Vendor
CVE Published:
7 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11406?

A critical security flaw has been identified in kaifangqian-base affecting the getAllUsers function within the SysUserController.java. This vulnerability allows for remote manipulation, potentially leading to unauthorized information disclosure. The exploit is publicly available, posing significant risks as the product does not have versioning, making it challenging to ascertain which releases are affected or unaffected.

Affected Version(s)

kaifangqian-base 7b3faecda13848b3ced6c17c7423b76c5b47b8ab

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11406 - Proof of Concept

References

https://vuldb.com/?id.327343
vdb-entrytechnical-description
https://vuldb.com/?ctiid.327343
signaturepermissions-required
https://vuldb.com/?submit.665162
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tta0 (VulDB User)
JSON
.
CVE-2025-11406 : Information Disclosure Vulnerability in Kaifangqian Base Affects User Data Management