CNNVD-202512-4882 Information
CNNVD ID
CNNVD-202512-4882
Related CVE
-
CNNVD Published: 2025-12-28
Description
Xiaozhi ESP32 Server Java is a Java enterprise-level management platform by the individual developer joey. Xiaozhi ESP32 Server Java 3.0.0 and earlier versions contain an authorization issue vulnerability, which stems from incorrect handling in the function tryAuthenticateWithCookies in the file AuthenticationInterceptor.java and may lead to improper authentication.
Hazard Level
High
Vulnerability Type
Authorization issue
Affected Vendor
Individual developer
Published
2025-12-28
Last Modified
2026-02-24
References
https://github.com/joey-zhou/xiaozhi-esp32-server-java/issues/143#issuecomment-3666534810
https://github.com/joey-zhou/xiaozhi-esp32-server-java/issues/143#issue-3722315701
https://github.com/joey-zhou/xiaozhi-esp32-server-java/releases/tag/v4.0.0
https://vuldb.com/?ctiid.338513
https://vuldb.com/?submit.713990
https://vuldb.com/?id.338513
https://access.redhat.com/security/cve/cve-2025-15135
Patch
https://github.com/joey-zhou/xiaozhi-esp32-server-java/releases