CNNVD-202512-680 Information

CNNVD ID

CNNVD-202512-680

Related CVE

CVE-2025-14088

• CNNVD Published: 2025-12-05

Description (Chinese)

JEPaaS是中国凯特伟业（JEPaaS）公司的一款快速开发平台。 JEPaaS 7.2.8及之前版本存在授权问题漏洞，该漏洞源于授权不当，可能导致远程攻击。

Description (English)

JEPaS is a fast-growing platform for the company JEPaS of China. JepaaS 7.2.8 and previous versions had a mandate gap, which stemmed from inappropriate mandates and could lead to long-range attacks.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

凯特伟业

Published

2025-12-05

Last Modified

2026-02-24

References

https://github.com/zhangbuneng/The-Jepaas-platform-has-a-vertical-privilege-escalation-vulnerability./issues/1 https://vuldb.com/?ctiid.334478 https://vuldb.com/?id.334478 https://vuldb.com/?submit.695316