
Preface: Investment banks use Spring Boot for developing microservices and REST APIs. The hospitality industry uses Spring Boot for various backend services. Automotive companies use Spring Boot for configuration management and service discovery.
Background: IKUN_Library 1.0 is a library management system developed using Spring Boot and MyBatis. It provides functionality for managing books, readers, and borrowing records. The system includes features such as:
- Basic CRUD operations (Create, Read, Update, Delete)
- Login validation with interceptors
- RESTful API for interface design
- Database management using MySQL
Spring Boot is a popular framework that can be used to build a wide variety of Java applications. It is commonly used for web applications, including REST APIs, web services, and MVC-based applications.
Vulnerability details: A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
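The flawed code itself is not shown here, so the following is an added, generic illustration (not IKUN_Library source) of how path patterns registered in `addInterceptors` decide which handlers get a login check, with a fragile allow-list form beside a deny-by-default form. The route names, the `loginUser` session key, the `LoginInterceptor` class and the `jakarta.servlet` namespace (Spring Boot 3; use `javax.servlet` on Spring Boot 2) are assumptions.

```java
// Added illustration; not IKUN_Library source. Paths and the session key are hypothetical.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/** Rejects any request that carries no authenticated session. */
class LoginInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) throws Exception {
        HttpSession session = request.getSession(false); // do not create a session
        if (session != null && session.getAttribute("loginUser") != null) {
            return true; // authenticated: continue to the controller
        }
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false; // stop the handler chain
    }
}

@Configuration
public class MvcConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Fragile form: protection is an allow-list of paths, so any handler
        // not listed here (or added later) is served without a login check.
        //   registry.addInterceptor(new LoginInterceptor())
        //           .addPathPatterns("/book/**", "/reader/**");

        // Deny-by-default form: every path goes through the interceptor and
        // only the endpoints that must be public are excluded explicitly.
        registry.addInterceptor(new LoginInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/login", "/css/**", "/js/**");
    }
}
```

An interceptor of this kind only establishes that the caller is logged in; whether that caller may act on a given borrowing record still has to be enforced in the handler or service layer.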
Official announcement: Please refer to the official announcement for details – https://nvd.nist.gov/vuln/detail/CVE-2025-3305