Improper Authorization Vulnerability in szluyu99 gin-vue-blog Product
CVE-2025-6099

6.9MEDIUM

Key Information:

Vendor: Szluyu99
Status: Gin-vue-blog
Vendor: CVE Published:; 16 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6099?

A vulnerability exists in the gin-vue-blog product, specifically in the PATCH Request Handler located in the internal/manager.go file. This security issue allows for improper authorization, potentially enabling unauthorized remote access to the system. As the product employs a rolling release mechanism, no specific version details for affected or patched versions have been disclosed, heightening the risk for users. Given that the exploit has been publicly disclosed, it is crucial for users to assess their security posture and implement immediate protective measures.

Affected Version(s)

gin-vue-blog 61dd11ccd296e8642a318ada3ef7b3f7776d2410

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6099 - Proof of Concept

References

https://vuldb.com/?id.312568

vdb-entry

https://vuldb.com/?ctiid.312568

signaturepermissions-required

https://vuldb.com/?submit.589495

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 16, 2025
👾
Exploit known to exist
Jun 16, 2025
Vulnerability published
Jun 16, 2025
Vulnerability Reserved
Jun 15, 2025

Credit

Tritium (VulDB User)

Szluyu99

Badges

What is CVE-2025-6099?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit