CVE-2025-43712 Information
Jul 26, 2025
cve
Description
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. After registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities parameter and changing its value to ROLE_ADMIN, the privilege is successfully escalated to an Admin level. This allowed access to all admin-related functionalities in the application.
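The description above is a case of authorization being influenced by client-controlled data: the authorities list returned by api/account is meant to drive UI rendering, and a role claim that the client can edit must never be the basis of a server-side access decision. The following Python is an added illustration written for this page; it is not JHipster or Spring Security code and does not reproduce the vulnerable JHipster logic. It models a minimal account endpoint, a weak admin endpoint that trusts a client-supplied authorities claim (the defect class), and a hardened endpoint that consults only the server-side session, so the effect of tampering with the api/account response can be observed side by side. All users, passwords and function names are constructed for the example.

```python
"""Added illustration (not JHipster code): authorization must be derived from
server-side state, never from a role list the client can edit or replay."""
import secrets

# Constructed sample user store: authorities are stored server-side only.
USERS = {
    "alice": {"password": "alice-pw", "authorities": ["ROLE_USER"]},
    "root": {"password": "root-pw", "authorities": ["ROLE_USER", "ROLE_ADMIN"]},
}
SESSIONS = {}  # opaque session token -> username (hypothetical session store)


def login(username, password):
    """Authenticate and return an opaque session token, or None on failure."""
    user = USERS.get(username)
    if user is None or user["password"] != password:
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def account(token):
    """Mimics GET api/account: reports the caller's authorities for UI use.
    Whatever the client does with this response afterwards is outside the
    server's control, which is exactly why it must not be trusted later."""
    username = SESSIONS.get(token)
    if username is None:
        return {"status": 401}
    return {"status": 200, "login": username,
            "authorities": list(USERS[username]["authorities"])}


def admin_action_weak(token, request_body):
    """Vulnerable pattern: grants access based on an 'authorities' value the
    client sends (for example, copied from a tampered api/account response)."""
    if token not in SESSIONS:
        return {"status": 401}
    if "ROLE_ADMIN" in request_body.get("authorities", []):
        return {"status": 200, "data": "admin data"}
    return {"status": 403}


def admin_action_hardened(token, request_body):
    """Hardened pattern: the role check reads only the server-side record
    bound to the session, the equivalent of a server-side
    hasAuthority('ROLE_ADMIN') check. The request body is ignored for
    authorization purposes."""
    username = SESSIONS.get(token)
    if username is None:
        return {"status": 401}
    if "ROLE_ADMIN" not in USERS[username]["authorities"]:
        return {"status": 403}
    return {"status": 200, "data": "admin data"}


def simulate_response_manipulation():
    """A standard user edits the authorities in the account response and replays
    the forged value. Returns (weak_status, hardened_status)."""
    token = login("alice", "alice-pw")
    profile = account(token)
    profile["authorities"] = ["ROLE_ADMIN"]  # client-side edit of the response
    forged = {"authorities": profile["authorities"]}
    weak = admin_action_weak(token, forged)["status"]
    hardened = admin_action_hardened(token, forged)["status"]
    return weak, hardened


if __name__ == "__main__":
    print(simulate_response_manipulation())  # expected: (200, 403)
```

The hardened variant returns 403 for the forged claim because the decision never leaves the server's own user record; this is the property to verify when auditing a fix for this class of bug: every privileged endpoint must be reachable only with a server-side authority check, independent of what the client was told by api/account or sends back.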
Reference
https://github.com/jhipster/generator-jhipster/releases
https://medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def
Related CNNVD
CNNVD-202507-3156 (Published: 2025-07-25)