Improper Access Controls in LoveCards LoveCardsV2 by LoveCards
CVE-2025-2218

6.9MEDIUM

Key Information:

Vendor
Lovecards
Status
Lovecardsv2
Vendor
CVE Published:
12 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability has been detected in LoveCards LoveCardsV2 versions up to 2.3.2, which allows attackers to manipulate access controls improperly. This issue resides in the Setting Handler component, specifically affecting the file /api/system/other. The vulnerability can be exploited remotely, potentially leading to unauthorized access and control over the affected system components. Despite early disclosure of the exploit to the vendor, there has been no response, increasing the risk that this vulnerability could be actively exploited by malicious actors.

Affected Version(s)

LoveCardsV2 2.3.0

LoveCardsV2 2.3.1

LoveCardsV2 2.3.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-2218 - Proof of Concept

References

https://vuldb.com/?id.299290
vdb-entry
https://vuldb.com/?ctiid.299290
signaturepermissions-required
https://vuldb.com/?submit.512351
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

n0el4kls (VulDB User)
.