CNNVD-202511-2196 Information

Nov 19, 2025 cve

CNNVD ID

CNNVD-202511-2196

CVE-2025-34337

CNNVD Published: 2025-11-19

Description (Chinese)

egovframe-common-components是e-Government Standard Framework Center开源的一个常用函数集合。 egovframe-common-components 4.3.1及之前版本存在安全漏洞，该漏洞源于对称加密的设计缺陷，可能导致访问控制绕过。

Description (English)

egovframe-common-components are a common set of functions for e-Governance Standard Framework Center. There is a security loophole in egovframe-common-components 4.3.1 and previous versions, which stems from the design defects of symmetric encryption, which may lead to access controls bypassing.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

e-Government Standard Framework Center

Published

2025-11-19

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/egovframework-unauthenticated-encryption-oracle-via-web-editor-image-upload-endpoints https://pierrekim.github.io/advisories/2025-egovframe.txt https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html https://www.egovframe.go.kr/eng/sub.do?menuNo=2 https://github.com/eGovFramework/egovframe-common-components https://access.redhat.com/security/cve/cve-2025-34337

Share on: