Authentication Bypass Vulnerability in Stroom Data Processing Platform
CVE-2025-25182

9.4 CRITICAL

Key Information:

Vendor: GCHQ

CVE Published: 12 February 2025

What is CVE-2025-25182?

CVE-2025-25182 is a critical vulnerability in the Stroom Data Processing Platform, developed by GCHQ. Stroom is a tool for data processing, storage, and analysis that helps organizations manage large volumes of data efficiently. The vulnerability permits an authentication bypass on instances of Stroom configured with certain settings, specifically when the instance is not accessed through an Application Load Balancer (ALB). Without proper authentication, unauthorized users may gain access to sensitive data and functionality, which could severely disrupt operations and compromise the integrity and confidentiality of data managed within the platform.

Technical Details

The vulnerability affects Stroom from version 7.2-beta.53 up to the fixed releases, in configurations that do not utilize ALB Authentication integration while remaining network accessible. It can also lead to server-side request forgery (SSRF), which poses additional risk because it allows potential attackers to leverage the AWS metadata URL for further exploitation, including code execution or escalation of privileges. The flaw is remediated in versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2.

Potential Impact of CVE-2025-25182

  1. Unauthorized Access: Exploitation of this vulnerability can lead to unauthorized users bypassing authentication mechanisms, granting them access to sensitive data and functionalities within the Stroom platform, which may otherwise be protected.

  2. Data Integrity Compromise: The ability to execute server-side requests through this vulnerability could allow attackers to manipulate or exfiltrate data, leading to data breaches and integrity issues within the data processing workflows.

  3. Privilege Escalation: The potential for server-side request forgery allows a compromised system to issue requests under the identity of the server, enabling attackers to escalate privileges and further exploit the environment, potentially gaining control over critical systems.

Affected Version(s)

stroom >= 7.2-beta.53, < 7.2.24

stroom = 7.5-beta.1

stroom >= 7.3-beta.1, < 7.3-beta.22


CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
