CNNVD-202601-4376 Information

CNNVD ID

CNNVD-202601-4376

Related CVE

CVE-2025-70982

• CNNVD Published: 2026-01-26

Description (Chinese)

SpringBlade是中国布雷德（Blade）公司的一套微服务开发平台。 SpringBlade 4.5.0版本存在安全漏洞，该漏洞源于importUser函数访问控制不当，可能导致任意导入敏感用户数据。

Description (English)

SpringBlade is a micro-service development platform for Brade China. There is a security loophole in the SpringBlade 4.5.0 version, which stems from inadequate access controls in the iportUser function, which may lead to the arbitrary import of sensitive user data.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

布雷德

Published

2026-01-26

Last Modified

2026-02-24

References

https://github.com/chillzhuang/SpringBlade/issues/34 https://gist.github.com/old6ma/ea60151aa40ddc1cfb51fbaa0c173117 https://access.redhat.com/security/cve/cve-2025-70982

Patch

https://github.com/chillzhuang/SpringBlade/releases