CNNVD-202601-3953 Information

CNNVD ID

CNNVD-202601-3953

Related CVE

CVE-2025-70983

• CNNVD Published: 2026-01-23

Description (Chinese)

SpringBlade是中国布雷德（Blade）公司的一套微服务开发平台。 SpringBlade v4.5.0版本存在安全漏洞，该漏洞源于authRoutes函数访问控制不当，可能导致低权限攻击者提升权限。

Description (English)

SpringBlade is a micro-service development platform for Brade China. There is a security loophole in the SpringBlade v4.5.0 version, which stems from inadequate access controls in the SouthRoutes function, which may lead to a higher authority for low-authority attackers.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

布雷德

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/chillzhuang/SpringBlade https://gist.github.com/old6ma/9c4d2ba32cd8f562cb80796538157912 https://github.com/chillzhuang/SpringBlade/issues/35 https://access.redhat.com/security/cve/cve-2025-70983

Patch

https://gitee.com/smallc/SpringBlade/releases/tag/v4.8.0