CVE-2025-43712

🗓️ 25 Jul 2025 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 34 Views🌐 WEB

JHipster before v8.9.0 allows privilege escalation via modified authorities parameter in login response

Reporter	Title	Published	Views	Family All 12
CNNVD	JHipster 安全漏洞	25 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-43712	25 Jul 202500:00	–	cvelist
EUVD	EUVD-2025-22595	3 Oct 202520:07	–	euvd
Github Security Blog	Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter	25 Jul 202515:30	–	github
NVD	CVE-2025-43712	25 Jul 202513:15	–	nvd
OSV	CVE-2025-43712	25 Jul 202513:15	–	osv
OSV	GHSA-CMM8-GW4M-26CW Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter	25 Jul 202515:30	–	osv
Positive Technologies	PT-2025-30814 · Jhipster · Jhipster	25 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-43712	27 Jul 202500:20	–	redhatcve
Snyk	Incorrect Authorization	25 Jul 202513:41	–	snyk

[
  {
    "defaultStatus": "unknown",
    "product": "JHipster",
    "vendor": "JHipster",
    "versions": [
      {
        "lessThan": "8.9.0",
        "status": "unknown",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
firecompass	www.firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist/
medium	www.medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def
github	www.github.com/jhipster/generator-jhipster/releases
groups	www.groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w

Parameter	Position	Path	Description	CWE
authorities	nested	/api/account	Privilege escalation by manipulating the authorities value in the /api/account response to impersonate ROLE_ADMIN.	CWE-284, CWE-451

15 Apr 2026 00:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.18

EPSS0.00162

SSVC