Improper Access Control in Dromara Northstar Web Interceptor
CVE-2025-7552

6.3MEDIUM

Key Information:

Vendor: Dromara
Status: Northstar
Vendor: CVE Published:; 14 July 2025

What is CVE-2025-7552?

An improper access control vulnerability exists in the Dromara Northstar up to version 7.3.5, specifically within the preHandle function of the AuthorizationInterceptor.java file. This vulnerability can be exploited through remote attacks by manipulating the Request argument, potentially allowing unauthorized access to sensitive resources. Users are strongly advised to upgrade to version 7.3.6, where this issue is addressed through a patch identified as 8d521bbf531de59b09b8629a9cbf667870ad2541.

References

https://gitee.com/dromara/northstar/commit/8d521bbf531de5...

https://gitee.com/dromara/northstar/issues/ICCQ4E

https://gitee.com/dromara/northstar/issues/ICCQ4E#note_42...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2025