CVE-2025-7552

MEDIUM

Dromara Northstar <7.3.5 - Improper Access Controls

Title source: llm

Description

A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. The issue affects the function preHandle in the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler. Manipulation of the argument Request leads to improper access controls. The attack may be launched remotely. Upgrading to version 7.3.6 addresses this issue. The patch is identified as 8d521bbf531de59b09b8629a9cbf667870ad2541. It is recommended to upgrade the affected component.

Exploits (2)

gitee 4,265 stars
by yu199195 · javawriteup
https://gitee.com/dromara/northstar/issues/ICCQ4E

Scores

CVSS v3 6.3
EPSS 0.0008
EPSS Percentile 22.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-266 CWE-284
Status published
Products (7)
Dromara/Northstar 7.3.0
Dromara/Northstar 7.3.1
Dromara/Northstar 7.3.2
Dromara/Northstar 7.3.3
Dromara/Northstar 7.3.4
Dromara/Northstar 7.3.5
Dromara/Northstar 7.3.6
Published Jul 14, 2025
Tracked Since Feb 18, 2026